This week the California Attorney General brought the first enforcement action to test California’s Online Privacy Protection Act.  The complaint against Delta Airlines, Inc. alleges that Delta’s mobile app, “Fly Delta,” fails to comply with the state’s privacy law.  Fly Delta allows users to view flight status and check reservations online.  The complaint alleges that the app collects substantial personally identifiable information, including geo-location, photographs, a user’s full name and email address without a clear privacy notice.  The Attorney General seeks to prevent Delta from distributing its app without a privacy policy.

California’s law is the first and only state law requiring online businesses and operators of mobile application platforms to post conspicuous privacy notices.  The California privacy law extends beyond businesses in California to any online business that collects personally identifiable information from California citizens.  This includes owners and operators of websites and online services.  California’s privacy policy requirements do not apply to Internet service providers and other third parties that operate, host or manage websites and online services on another’s behalf.

Mobile application developers who collect personal information through their applications and services are committed to post conspicuous privacy policies under an agreement between the Attorney General and Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft and Research in Motion.  Under the agreement, consumers must have the chance to review an app’s privacy policy before download.  The privacy notice must appear in a prominent and consistent location on the application download screen.  If developers do not comply with their stated privacy policies, they can be prosecuted under California’s Unfair Competition or False Advertising laws.

If you would like to learn more about this enforcement action or privacy practices, please contact the attorney assigned to your account.