In a first-of its kind lawsuit, the state of California is suing Delta Air Lines over alleged violations of its Online Privacy Protection Act, which requires, among other things, that companies clearly post privacy policies within their mobile apps.
California Attorney General Kamala Harris filed the suit Thursday in San Francisco Superior Court after Delta allegedly failed to post a policy in its “Fly Delta” app.
The complaint contends that the app collects users' personally identifiable information (PII), including names, telephone numbers, email addresses, photographs, geolocations, residential and billing addresses and frequent flyer account numbers and associated PIN codes.
Private data – such as credit and debit card numbers; travel-related information, including emergency contacts; and traveler-related medical needs and dietary requests – are also allegedly captured by the app, as well as users' passport numbers and employer or corporate contact information.
In letters issued in late October, Harris began warning mobile application developers and companies that have apps available for download, giving them 30 days to post "conspicuous" privacy policies for consumers. Companies may face penalties of up to US$2500 (A$2383) per violation, meaning each time the app is downloaded or used.
In the filing, Harris claimed that Delta operated the Fly Delta app since at least 2010.
United Airlines and OpenTable, an online restaurant reservation service, were among the companies California officials contacted for alleged non-compliance.
Developers or owners of 100 mobile apps were contacted by letter.
Reached on Friday, Nick Pacilio, a spokesman for the state attorney general's office, would not say whether more suits were expected to be launched against app distributors.
He did say that letters went out on a rolling basis. “We are handling each company individually," he told SC.