California sues Delta Air Lines over mobile privacy

Share this article:

In a first-of its kind lawsuit, the state of California is suing Delta Air Lines over alleged violations of its Online Privacy Protection Act, which requires, among other things, that companies clearly post privacy policies within their mobile apps.

California Attorney General Kamala Harris filed the suit Thursday in San Francisco Superior Court after Delta allegedly failed to post a policy in its “Fly Delta” app. The complaint contends that the app collects users' personally identifiable information (PII), including names, telephone numbers, email addresses, photographs, geolocations, residential and billing addresses and frequent flyer account numbers and associated PIN codes.

Private data – such as credit and debit card numbers; travel-related information, including emergency contacts; and traveler-related medical needs and dietary requests – are also allegedly captured by the app, as well as users' passport numbers and employer or corporate contact information. 

In letters issued in late October, Harris began warning mobile application developers and companies that have apps available for download, giving them 30 days to post "conspicuous" privacy policies for consumers. Companies may face penalties of up to $2,500 per violation, meaning each time the app is downloaded or used.  

In the filing, Harris claimed that Delta operated the Fly Delta app since at least 2010. While Delta does have a privacy policy listed on its website, the suit said it only details some of the PII it collects. The privacy policy also does not reference the mobile app.

“Delta does not disclose anywhere several types of PII that the Fly Delta app collects…” the suit said. “For example, the Fly Delta app collects consumer geolocation data and photographs. The Delta website privacy policy does not indicate that it collects geolocation data or photographs.”

SCMagazine.com reached out to Delta on Friday to inquire whether the company planned to post a privacy policy within the app in question, or if the company would challenge the suit. A spokesman for the airline said the company doesn't comment on pending litigation.

United Airlines and OpenTable, an online restaurant reservation service, were among the companies California officials contacted for alleged non-compliance. Developers or owners of 100 mobile apps were contacted by letter.

Reached on Friday, Nick Pacilio, a spokesman for the state attorney general's office, would not say whether more suits were expected to be launched against app distributors. 

He did say that letters went out on a rolling basis. “We are handling each company individually," he told SCMagazine.com.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.