California sues Delta for privacy violations

California’s attorney general has filed a lawsuit against Delta Airlines, accusing it of failing to display the required privacy policy in its mobile app.

It’s the first time a prosecution has been brought under the state’s 2004 Online Privacy Protection Act, which requires websites and apps that collect personal information to prominently display a privacy policy which can be read before the app is downloaded.

Delta is one of more than 100 companies that were warned they were breaking the law in October and given 30 days to comply.

“Losing your personal privacy should not be the cost of using mobile apps, but all too often it is,” says attorney general Kamala Harris.

“California law is clear that mobile apps collecting personal information need privacy policies, and that the users of those apps deserve to know what is being done with their personal information.”

For the last two years, Delta has operated a mobile app called Fly Delta that can be used to check in online for an airplane flight, view reservations for air travel, rebook cancelled or missed flights, pay for checked baggage, track checked baggage, access a user’s frequent flyer account, take photographs and even save a user’s geo-location.

But while the app collects a substantial amount of personally identifiable information – such as a user’s full name, telephone number, email address, frequent flyer account number and pin code, photographs, and geo-location – it doesn’t display a privacy policy.

Harris is now looking to prevent Delta from distributing its app without a privacy policy, and is calling for penalties of up to $2,500 for each violation.