California sues Delta Air Lines over mobile privacy

Share this article:

In a first-of its kind lawsuit, the state of California is suing Delta Air Lines over alleged violations of its Online Privacy Protection Act, which requires, among other things, that companies clearly post privacy policies within their mobile apps.

California Attorney General Kamala Harris filed the suit Thursday in San Francisco Superior Court after Delta allegedly failed to post a policy in its “Fly Delta” app. The complaint contends that the app collects users' personally identifiable information (PII), including names, telephone numbers, email addresses, photographs, geolocations, residential and billing addresses and frequent flyer account numbers and associated PIN codes.

Private data – such as credit and debit card numbers; travel-related information, including emergency contacts; and traveler-related medical needs and dietary requests – are also allegedly captured by the app, as well as users' passport numbers and employer or corporate contact information. 

In letters issued in late October, Harris began warning mobile application developers and companies that have apps available for download, giving them 30 days to post "conspicuous" privacy policies for consumers. Companies may face penalties of up to $2,500 per violation, meaning each time the app is downloaded or used.  

In the filing, Harris claimed that Delta operated the Fly Delta app since at least 2010. While Delta does have a privacy policy listed on its website, the suit said it only details some of the PII it collects. The privacy policy also does not reference the mobile app.

“Delta does not disclose anywhere several types of PII that the Fly Delta app collects…” the suit said. “For example, the Fly Delta app collects consumer geolocation data and photographs. The Delta website privacy policy does not indicate that it collects geolocation data or photographs.” reached out to Delta on Friday to inquire whether the company planned to post a privacy policy within the app in question, or if the company would challenge the suit. A spokesman for the airline said the company doesn't comment on pending litigation.

United Airlines and OpenTable, an online restaurant reservation service, were among the companies California officials contacted for alleged non-compliance. Developers or owners of 100 mobile apps were contacted by letter.

Reached on Friday, Nick Pacilio, a spokesman for the state attorney general's office, would not say whether more suits were expected to be launched against app distributors. 

He did say that letters went out on a rolling basis. “We are handling each company individually," he told

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.