Should e-retailers be permitted to demand that online customers provide them with intrusive personal information? In a ruling that ought to trouble us all, the California Supreme Court last week said yes.

In a 4-3 decision, the court ruled against a customer who did not want to provide his home address and phone number in order to download music from Apple. The court's majority held that an aging law which prevents brick and mortar retailers from demanding such information does not apply to online retailers. They sided with the e-retailers, who claim collecting the data is necessary for the prevention of identity theft and fraud.

The dissenting justices, however, point out that the ruling both erodes consumer privacy protection and frees those retailers to sell their customers' personal information to other companies.

Consumer advocacy organizations echo the dissenting justices in arguing that online retailers can surely find ways to protect against fraud without collecting unnecessary personal data. And they are correct.

The Legislature needs to take up the matter and amend the state's consumer protection law, with an emphasis on balancing e-retailers' legitimate fraud and theft concerns with consumers' equally legitimate privacy concerns.