The state of California is suing Delta Airlines, the first legal action taken under the state's online privacy law. The airline was cited for failing to conspicuously post a privacy policy within its mobile app, informing users of what personally identifiable information is being collected and what will be done with it.
"Losing your personal privacy should not be the cost of using mobile apps, but all too often it is," said California Attorney General Kamala Harris. "California law is clear that mobile apps collecting personal information need privacy policies, and that the users of those apps deserve to know what is being done with their personal information."
Privacy policy now required
The California Online Privacy Protection Act is a law requiring commercial operators of Websites and online services, including mobile and social apps, to inform California users of what information about them is being collected and how it will be used. Privacy policies promote transparency in how companies collect, use, and share personal information.
If developers do not comply with their stated privacy policies, they can be prosecuted under California's Unfair Competition Law and/or False Advertising Law.
The lawsuit claims that since at least 2010, Delta has operated a mobile app called "Fly Delta" for use on smartphones and other electronic devices.
The Fly Delta app may be used to check-in online for an airplane flight, view reservations for air travel, rebook cancelled or missed flights, pay for checked baggage, track checked baggage, access a user's frequent flyer account, take photographs and even save a user's geo-location.
Privacy policy never posted
Despite collecting substantial personally identifiable information such as a user's full name, telephone number, email address, frequent flyer account number and pin code, photographs and geo-location, the suit says the Fly Delta application does not have a privacy policy.
The suit seeks to stop Delta from distributing its app without a privacy policy and penalties of up to $2,500 for each violation.
The suit follows an agreement Harris forged among the seven leading mobile and social app platforms to improve privacy protections for millions of users around the globe who use apps on their smart phones, tablets, and other electronic devices. Those platforms - Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft, and Research in Motion - agreed to privacy principles designed to bring the industry in line with California law requiring mobile apps that collect personal information to have a privacy policy.
The agreement allows consumers the opportunity to review an app's privacy policy before they download the app rather than after, and offers consumers a consistent location for an app's privacy policy on the application-download screen in the platform store.
How they voted
Yes
Yes