Delta Finds Reprieve in State Court, but Not Everyone Will Get to Fly the Friendly Skies

California Attorney General Kamala Harris’ attempt to bring an enforcement action against Delta Air Lines, Inc. won’t be leaving the runway. California Superior Court Judge Marla J. Miller has dismissed a data privacy complaint against Delta brought by Attorney General Harris. The development comes as an unexpected bump in the road for the Attorney General’s office, which has made enforcement of state privacy regulations a top priority. Judge Miller agreed with Delta’s argument that the claim should be dismissed on federal preemption grounds.

As we wrote previously, the claim against Delta arose in connection with the “Fly Delta” mobile application which, according to Attorney General Harris, violates California’s Online Privacy Protection Act (“CalOPPA”) because it fails to post a privacy policy. In October 2012, Delta was one of 100 mobile application developers to receive a warning letter from the Attorney General’s office, requesting that its application be brought into compliance with state law. After the warning letter’s 30 day period expired, Attorney General Harris filed an action alleging that Delta’s application continued to engage in unfair business practices by violating CalOPPA.

While the dismissal of the complaint against Delta is not the outcome the Attorney General wanted, it is properly viewed as a set-back rather than defeat. The Attorney General’s office has worked systematically over the past two years to build consensus around its claim that mobile applications are an “online service” and therefore must comply with CalOPPA. Its complaint against Delta was widely viewed as a test case signaling the Attorney General’s intention to increase enforcement efforts. Although the complaint was dismissed, Judge Miller’s holding that the federal Airline Deregulation Act of 1978 preempts application of CalOPPA to the Fly Delta application is industry-specific. Attorney General Harris is still free to (and likely will) bring enforcement actions against non-compliant mobile applications that aren’t operated by commercial airlines. Whether the same preemption argument would apply to other federally-regulated industries remains an open question.

So then, if you’re not in the business of operating a commercial airline, what does this mean for you? It means there is no time like the present to make sure that your mobile application or website service complies with CalOPPA’s requirements. An advisor to Attorney General Harris has already confirmed that in addition to preparing an appeal of the dismissal of the claim against Delta, the Attorney General’s office is preparing to bring a number of additional enforcement actions. As we have noted previously, the $2,500 per violation fine associated with this type of claim would potentially be staggering, since each download of a non-compliant application would constitute a separate violation. The potential penalties likely exceed the cost to comply by a large multiple. As always, if you have any questions your Mintz Levin privacy team is ready to help.

Topics:  CalOPPA, Data Protection, Delta Airlines, Enforcement Actions, Mobile Apps

Published In: Civil Procedure Updates, Communications & Media Updates, Conflict of Laws Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mintz Levin - Privacy & Security Matters | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »