California sues Delta Air Lines over mobile privacy

In a first-of-its-kind lawsuit, the state of California is suing Delta Air Lines over alleged violations of its Online Privacy Protection Act, which requires, among other things, that companies clearly post privacy policies within their mobile apps.

California Attorney General Kamala Harris filed the suit Thursday in San Francisco Superior Court after Delta allegedly failed to post a policy in its “Fly Delta” app. The complaint contends that the app collects users' personally identifiable information (PII), including names, telephone numbers, email addresses, photographs, geolocations, residential and billing addresses and frequent flyer account numbers and associated PIN codes.

Private data – such as credit and debit card numbers; travel-related information, including emergency contacts; and traveler-related medical needs and dietary requests – are also allegedly captured by the app, as well as users' passport numbers and employer or corporate contact information. 

In letters issued in late October, Harris began warning mobile application developers and companies that have apps available for download, giving them 30 days to post "conspicuous" privacy policies for consumers. Companies may face penalties of up to $2,500 per violation, meaning each time the app is downloaded or used.  

In the filing, Harris claimed that Delta has operated the Fly Delta app since at least 2010. While Delta does have a privacy policy listed on its website, the suit said it only details some of the PII it collects. The privacy policy also does not reference the mobile app.

“Delta does not disclose anywhere several types of PII that the Fly Delta app collects…” the suit said. “For example, the Fly Delta app collects consumer geolocation data and photographs. The Delta website privacy policy does not indicate that it collects geolocation data or photographs.”

SCMagazine.com reached out to Delta on Friday to inquire whether the company planned to post a privacy policy within the app in question, or if the company would challenge the suit. A spokesman for the airline said the company doesn't comment on pending litigation.

United Airlines and OpenTable, an online restaurant reservation service, were among the companies California officials contacted for alleged non-compliance. Developers or owners of 100 mobile apps were contacted by letter.

Reached on Friday, Nick Pacilio, a spokesman for the state attorney general's office, would not say whether more suits were expected to be launched against app distributors. 

He did say that letters went out on a rolling basis. “We are handling each company individually,” he told SCMagazine.com.
