Unfortunately, the dismissal offers little guidance on any of the key questions that the lawsuit presented: whether the state Attorney General has authority to pursue CalOPPA claims against non-California operators; whether mobile apps qualify as websites or online services within the meaning of CalOPPA, and thus whether CalOPPA applies to mobile apps; and, if so, whether CalOPPA requires that privacy policies actually be contained and presented to consumers entirely within the mobile app.
Based on accounts of the dismissal hearing and subsequent statements made by Delta's attorneys, it appears that the court sustained Delta's demurrer on the narrow grounds that the Airline Deregulation Act of 1978 (ADA) preempted CalOPPA's application to the Fly Delta app, which provides airline-related "services" as defined by the ADA. Thus, while the ruling was a significant victory for Delta – which faced up to $2,500 in penalties for each copy of the non-compliant app downloaded by California consumers – the dismissal holds little significance or assurance for any website operators or app developers not associated with the airline industry.
Despite the dismissal and the limited holding, the state Attorney General's suit was successful in one respect: it raised awareness among app developers that the California AG's office interprets CalOPPA to apply to mobile apps and that it will take enforcement action. Whether the courts will share that interpretation and permit the enforcement is a separate question and remains to be seen.
For a more detailed account of the original complaint, California's Online Privacy Protection Act, and the California Attorney General's recent privacy initiatives, please see our previous client alert on this case from December of