September 28, 2020

Volume X, Number 272

September 28, 2020

Subscribe to Latest Legal News and Analysis

Delta Wins CalOPPA Case – But Your Mobile App May Not Fly

In a decision favorable to the airline industry—but not helpful to other companies—the California Court of Appeal said that a privacy enforcement action against Delta is not going to fly.  On May 25, 2016, the Court of Appeal tossed the California Attorney General’s CalOPPA enforcement action against Delta Airlines, affirming the lower court’s 2013 dismissal of the case with prejudice.

As we previously wrote, California AG’s office has been taking incremental steps toward ensuring that mobile applications comply with CalOPPA.  As early as 2012, its office began sending notices of non-compliance to mobile application developers.  When some companies failed to respond, the Attorney General chose Delta as its pilot case, promptly filing its first-ever enforcement action under CalOPPA.  Over the past three years, we have followed the Attorney General’s CalOPPA compliance campaign, including the Delta case.  

California Attorney General Kamala Harris filed the case against Delta in 2012, alleging that the carrier had failed to include a privacy policy on its mobile application.  This failure, noted the Attorney General, violated the California Online Privacy Protection Act (“CalOPPA”).

CalOPPA, which first went into effect in 2004, requires “an operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service” to have a conspicuous privacy policy that complies with California Business and Professions Code § 22575(a)-(b).  The Attorney General, Kamala Harris, believes that companies, which fail to make their privacy policies readily available on their mobile apps, violate CalOPPA.   Kamala Harris has made privacy compliance one of her priorities.  Since 2012, she has successfully persuaded companies such as Apple, Amazon, Microsoft, Facebook, and Google to make privacy policies readily available within their apps.

The May 25, 2016, appellate ruling means that Delta may be off the hook from having to comply with CalOPPA.  However, as we have previously explained, companies outside of the airline industry must remain diligent when it comes to the California Attorney General’s CalOPPA enforcement actions.  This is because the recent decision by the Court of Appeal—that federal law preempts state claims against Delta—does not protect non-airlines.  As such, California Attorney General’s office will likely continue to pursue similar enforcement actions against other companies that fail to follow its guidance with respect to mobile apps.

To avoid steep penalties, companies that utilize mobile applications should take the following steps:

  • Determine whether your app collects personally identifiable information.

  • Confirm that the application allows users to access your privacy policy directly within the app.

  • Ensure that your privacy policy accurately describes an effective date, what information you collect, how the information is shared, how it can be accessed by users, and how you notify users of material changes to the policy.

  • Consult your privacy team to confirm that your current practices comply not only with CalOPPA, but with other similar laws in all states where you conduct business and with Federal Trade Commission guidelines.

©1994-2020 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.National Law Review, Volume VI, Number 155

TRENDING LEGAL ANALYSIS


About this Author

Cynthia Larose, Privacy, Security, Attorney, Mintz Levin, Law Firm, electronic transactions lawyer
Member / Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...

617-348-1732
Natalie Prescott, Mintz Levin Law Firm, Litigation Attorney
Practice Group Associate

Natalie’s practice focuses on a wide range of litigation matters.

Prior to joining the firm, Natalie worked as the co-founder and trial lawyer for a boutique litigation firm that focuses on state and federal litigation. She also spent many years as a litigation associate at one of the world’s largest law firms, where she received extensive consumer litigation, trial, and appellate experience.

Previously, Natalie served as a judicial law clerk for the Honorable Roger T. Benitez of the United States District Court of the Southern District of California and as a litigation associate in the San Diego office of another global law firm.

During law school, Natalie worked as the editor-in-chief for the Duke Journal of Comparative and International Law. She graduated at the top of her class from Duke Law School. She also has an MA in English from Tulane University and a BA in speech communication from the University of Southern Mississippi. In 2014, Natalie was selected along with a handful of applicants nationwide to attend Gerry Spence’s Trial Lawyers College, which allowed her to master trial preparation techniques at the highest level.

858 -314-1534