January 17, 2021

Volume XI, Number 17

Advertisement

January 15, 2021

Subscribe to Latest Legal News and Analysis

Delta Wins CalOPPA Case – But Your Mobile App May Not Fly

In a decision favorable to the airline industry—but not helpful to other companies—the California Court of Appeal said that a privacy enforcement action against Delta is not going to fly.  On May 25, 2016, the Court of Appeal tossed the California Attorney General’s CalOPPA enforcement action against Delta Airlines, affirming the lower court’s 2013 dismissal of the case with prejudice.

As we previously wrote, California AG’s office has been taking incremental steps toward ensuring that mobile applications comply with CalOPPA.  As early as 2012, its office began sending notices of non-compliance to mobile application developers.  When some companies failed to respond, the Attorney General chose Delta as its pilot case, promptly filing its first-ever enforcement action under CalOPPA.  Over the past three years, we have followed the Attorney General’s CalOPPA compliance campaign, including the Delta case.  

California Attorney General Kamala Harris filed the case against Delta in 2012, alleging that the carrier had failed to include a privacy policy on its mobile application.  This failure, noted the Attorney General, violated the California Online Privacy Protection Act (“CalOPPA”).

CalOPPA, which first went into effect in 2004, requires “an operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service” to have a conspicuous privacy policy that complies with California Business and Professions Code § 22575(a)-(b).  The Attorney General, Kamala Harris, believes that companies, which fail to make their privacy policies readily available on their mobile apps, violate CalOPPA.   Kamala Harris has made privacy compliance one of her priorities.  Since 2012, she has successfully persuaded companies such as Apple, Amazon, Microsoft, Facebook, and Google to make privacy policies readily available within their apps.

The May 25, 2016, appellate ruling means that Delta may be off the hook from having to comply with CalOPPA.  However, as we have previously explained, companies outside of the airline industry must remain diligent when it comes to the California Attorney General’s CalOPPA enforcement actions.  This is because the recent decision by the Court of Appeal—that federal law preempts state claims against Delta—does not protect non-airlines.  As such, California Attorney General’s office will likely continue to pursue similar enforcement actions against other companies that fail to follow its guidance with respect to mobile apps.

To avoid steep penalties, companies that utilize mobile applications should take the following steps:

  • Determine whether your app collects personally identifiable information.

  • Confirm that the application allows users to access your privacy policy directly within the app.

  • Ensure that your privacy policy accurately describes an effective date, what information you collect, how the information is shared, how it can be accessed by users, and how you notify users of material changes to the policy.

  • Consult your privacy team to confirm that your current practices comply not only with CalOPPA, but with other similar laws in all states where you conduct business and with Federal Trade Commission guidelines.

    Advertisement
©1994-2020 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.National Law Review, Volume VI, Number 155
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Cynthia Larose, Privacy, Security, Attorney, Mintz Levin, Law Firm, electronic transactions lawyer
Member / Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...

617-348-1732
Natalie Prescott, Mintz Levin Law Firm, Litigation Attorney
Practice Group Associate

Natalie’s practice focuses on a wide range of litigation matters.

Prior to joining the firm, Natalie worked as the co-founder and trial lawyer for a boutique litigation firm that focuses on state and federal litigation. She also spent many years as a litigation associate at one of the world’s largest law firms, where she received extensive consumer litigation, trial, and appellate experience.

Previously, Natalie served as a judicial law clerk for the Honorable Roger T. Benitez of the United States District Court of the...

858 -314-1534
Advertisement
Advertisement