California v. Delta Airlines, Inc.: CalOPPA requires mobile app privacy policies
Key points:
If an organization does not have a privacy policy that specifically addresses its mobile app information practices it may be prohibited from using personal data under California law.
In 2012, the California Attorney General (CA AG) brought a lawsuit against Delta Airlines for violating CalOPPA because its mobile app did not have a privacy policy. CA AG alleged that it was illegal under California law for Delta to use the data collected from its mobile app without providing a clear policy on how it used that data. Delta online privacy policy was not deemed sufficient to comply with CalOPPA by CA AG because it did ‘not mention the Fly Delta application, [was] not reasonably accessible to the consumers of the Fly Delta application,’ and failed to ‘disclose anywhere several types of [personally identifiable information] that the Fly Delta application collects but the Delta website does not collect.’
CA AG complain sought to enjoin Delta from distributing its mobile app and sought a $2,500 fine for each download of the Delta App.
The action was ultimately dismissed on preemption grounds on the basis that commercial airlines are subject to the federal Airline Deregulation Act which preempts state law consumer protection claims against commercial airlines.
Although the action was dismissed, it had the effect of pushing organizations to release mobile app specific policies and, in some cases, expand their online policies.
Resources
People of the State of California v. Delta Airlines complaint No. CGC-12–526741, (Sup. Ct. Sf. Cnty. Dec. 6, 2012)
