Delta's Mobile Application's "Wings Clipped"


[author: Brian Karp]

A powerful reminder to the business community that it must take mobile application (“App”) privacy seriously was provided by California Attorney General Kamala D. Harris in the form a complaint filed against Delta Airlines, Inc. (“Delta”) last Thursday.

Attorney General Harris announced first ever legal action taken under the California Online Privacy Protection Act (“CalOPPA”), claiming Delta violated the statute by failing to conspicuously post a privacy policy accessible through the App within thirty (30) days of notification of noncompliance. CalOPPA “requires commercial operators of websites and online services, including mobile and social apps, which collect personally identifiable information from Californians to conspicuously post a privacy policy.”

Lest companies take comfort that their website privacy policies can keep them out of trouble with respect to mobile applications, the complaint against Delta claims that its website privacy policy (i) does not mention the App (ii) is not reasonably accessible to consumers of the App and (iii) does not disclose several types of personal information that the App collects but the website does not. Drawing inferences from these allegations, it is unlikely that companies can satisfy CalOPPA’s mobile application privacy requirements through a website privacy policy.

Meaningful penalties can attach to violations of CalOPPA, as Attorney General Harris’ suit seeks to enjoin Delta from distributing the App without a privacy policy that accurately describes all types of personal information collected, and also seeks fines of up to $2,500 for each violation.

The Attorney General’s announcement additionally notes that “if developers do not comply with their stated privacy policies, they can be prosecuted under California’s Unfair Competition Law and/or False Advertising Law."

California is ramping up efforts to enforce privacy laws, in particular with the creation of a Privacy Enforcement and Protection Unit earlier this year that will enforce laws related to cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches. A proactive approach to privacy practices by businesses with a national presence is likely to mitigate litigation risk in California (and otherwise).

To that end, agreements entered into earlier this year with the California Attorney General, first by, Apple, Google and three other tech giants, and then by Facebook, appear to have served the companies well in steering clear of trouble in California, a state acting as a leader in protection of consumer privacy.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising

Written by:


BakerHostetler on:

JD Supra Readers' Choice 2016 Awards
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.