California sues Delta Airlines over mobile app privacy violations


California's attorney general has filed the state's first-ever mobile application privacy lawsuit against Delta Airlines, alleging the Atlanta-based carrier failed to properly clarify what personal information it collects from consumers and what it does with that data.

According to the suit filed yesterday in San Francisco Superior Court by California AG Kamala D. Harris, Delta is in violation of the California Online Privacy Protection Act, which requires commercial websites and digital services--including mobile apps--that collect personally identifiable information to conspicuously post a privacy policy. The complaint states that the Fly Delta traveler app collects information like the user's full name, telephone number, email address, frequent flyer account number and location but does not display a privacy policy. "Users of the Fly Delta application do not know what personally identifiable information Delta collects about them, how Delta uses that information, or to whom that information is shared, disclosed or sold," the lawsuit says.

The suit seeks immediate changes to the Fly Delta app and penalties of up to $2,500 for each violation. Harris adds Delta was given 30 days to comply with the Online Privacy Protection Act before the suit was filed.

The suit against Delta follows 10 months after Apple (NASDAQ:AAPL), Google (NASDAQ:GOOG), Amazon (NASDAQ:AMZN), Research In Motion (NASDAQ:RIMM), Microsoft (NASDAQ:MSFT) and Hewlett Packard agreed to expanded privacy principles bringing the mobile ecosystem in line with the California Online Privacy Protection Act. The agreement commits the six platform providers to educating developer partners about their obligations to respect consumer privacy and to disclose what private information they collect, how they use the information and with whom it is shared. The companies also must offer tools for users to report non-compliant apps and implement processes to respond to customer concerns.

"It is surprising that Delta didn't fix their privacy policy in the first place--it is pretty easy," Justin Brookman, the director of consumer privacy at the Center for Democracy and Technology, told The Wall Street Journal. He added that posting data collection policies is just the first step toward addressing the mobile industry's privacy issues: "I would like to see a requirement that privacy policies have actually useful information in them."

For more:
- read this release
- read this Wall Street Journal article

Related articles:
Apple, Google consent to mobile app privacy accord
FTC to Apple, Google: Apps for kids must disclose data privacy practices
Amid privacy uproar, Apple promises to detail app permissions
Path admits mistake, allows users to opt out of contacts database
Path slammed for uploading users' mobile address books
Lawmaker Markey unveils Mobile Device Privacy Act