Privacy Litigation Alert: California Court Dismisses Attorney Generals Mobile App Privacy Suit Against Delta

A California Superior Court judge has dism​issed with prejudice a privacy suit brought by California Attorney General Kamala Harris against Delta Airlines. The complaint, filed in December of 2012, alleged that Atlanta-based Delta had violated California's Unfair Competition Law and the state's Online Privacy Protection Act (CalOPPA) by failing to provide a privacy policy within its "Fly Delta" mobile app and by violating the terms of its own website privacy policy in its mobile data collection practices. See The People of the State of California v. Delta Air Lines Inc., No. 12-526741 (Superior Court for the State of California, City and County of San Francisco, filed December 6, 2012, dismissed May 9, 2013).

The Attorney General's complaint against Delta marked the first enforcement action ever brought under California's Online Privacy Protection Act (CalOPPA), which requires that all commercial websites and online services that collect information from California Consumers must conspicuously post – and comply with – a privacy policy. The suit also represented an important test case in the state Attorney General's efforts to regulate and influence privacy practices in the mobile app space. Accordingly, the suit had been closely watched by app developers and privacy practitioners.

Unfortunately, the dismissal offers little guidance on any of the key questions that the lawsuit presented: whether the state Attorney General has authority to pursue CalOPPA claims against non-California operators; whether mobile apps qualify as websites or online services within the meaning of CalOPPA, and thus whether CalOPPA applies to mobile apps; and, if so, whether CalOPPA requires that privacy policies actually be contained and presented to consumers entirely within the mobile app.

Based on accounts of the dismissal hearing and subsequent statements made by Delta's attorneys, it appears that the court sustained Delta's demurrer on the narrow grounds that the Airline Deregulation Act of 1978 (ADA) preempted CalOPPA's application to the Fly Delta app, which provides airline-related "services" as defined by the ADA. Thus, while the ruling was a significant victory for Delta – which faced up to $2,500 in penalties for each copy of the non-compliant app downloaded by California consumers – the dismissal holds little significance or assurance for any website operators or app developers not associated with the airline industry.

Despite the dismissal and the limited holding, the state Attorney General's suit was successful in one respect: it raised awareness among app developers that the California AG's office interprets CalOPPA to apply to mobile apps and that it will take enforcement action. Whether the courts will share that interpretation and permit the enforcement is a separate question and remains to be seen.

For a more detailed account of the original complaint, California's Online Privacy Protection Act, and the California Attorney General's recent privacy initiatives, please see our previous client alert on this case from December of 2012.