California AG Files Lawsuit Against Delta Airlines For Noncompliance With California’s Online Privacy Law

Yesterday, the California Attorney General filed a lawsuit against Delta Airlines, Inc. (“Delta”), alleging that Delta violated California’s Online Privacy Protection Act by failing to post a privacy policy within its Fly Delta mobile app. The lawsuit, which was filed in California Superior Court, is the first legal action following the Attorney General’s announcement in October that it sent notices to numerous mobile app operators, including Delta, that their apps did not comply with state privacy laws. The notices gave the operators 30 days to conspicuously post within their mobile apps a privacy policy that identifies the personal information that the app collects and how the information will be used.

According to the Attorney General’s Complaint (available here), the Fly Delta mobile app, which customers can use for flight check-ins, to view reservations, and to track checked baggage, does not have a privacy policy even though the app collects personal information including the user’s name, gender, date of birth, telephone number, frequent flyer account number, and, in some cases, photographs and geolocation information. The lawsuit notes that Delta posts an online privacy policy on, but states that the policy is insufficient because it does not refer to the Fly Delta app and is not reasonably accessible to app users.

The lawsuit seeks to enjoin Delta from distributing its app without a privacy policy and impose a penalty of up to $2,500 for each time the Fly Delta app is downloaded without including the required privacy policy.

This latest development follows the agreements reached earlier in the year between the Attorney General’s Office and Facebook, Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research In Motion, to improve privacy protections on mobile apps. The lawsuit against Delta is likely the first of multiple legal actions by the Attorney General against mobile app operators and is a clear signal to companies in the mobile app market that, to avoid a possible enforcement action, they must understand and comply with California privacy laws.