Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
January 14th, 2013
A Public Privacy Fight: California Sues Delta for Failing to Include Privacy Policy in Mobile App
Delta Airlines was not first in flight but it did achieve a different first last month when the California Attorney General sued the company for alleged violations of a never-before-litigated state privacy law, the California Online Privacy Protection Act (the "Act"). The Act requires any operator of a commercial website or online service (including mobile apps) that collects personally identifiable information about California residents to conspicuously post its privacy policy on such website or, in the case of an online service, to make the policy available to consumers by other reasonably accessible means. Among other requirements, the Act also requires covered operators to detail what information they collect from consumers and how they use that information.
The lawsuit, which was filed on December 6th, alleges that Delta's mobile application for managing bookings, Fly Delta, collects a variety of personally identifiable information from users, including the user's name, phone number, birth date, email address, frequent flyer number, photograph and geo-location, but does not include a privacy policy anywhere in the app. The complaint further alleges that although Delta's company website has a privacy policy, it makes no reference to the Fly Delta app and how user information is being collected and used. The state attorney general's office apparently notified Delta of the allegations on October 26; Delta therefore missed the 30 day period to cure privacy violations provided by the Act.
A judgment for the State of California could mean a significant financial hit for Delta. The suit seeks to enjoin Delta from distributing its app without a privacy policy and contemplates penalties of $2,500 for each violation of the Act, which may be measured by the court on a per download basis. According to the complaint, the Fly Delta app has been downloaded "millions of times" via Google Play and Apple iTunes, however there is no word on how many of these downloads were by California residents.
For more information on the proposed settlement report or or any other advertising or marketing law issues, please contact Greg Boyd at (212) 826 5581 or gboyd@fkks.com; Claudine Wilson (212) 705 4842 or cwilson@fkks.com; or any other member of the Advertising or Technology, Digital Media, & Privacy Groups.
Other Privacy & Data Security Law Alerts
Six Steps to Help Your Team Comply with the New SEC Public Company Cybersecurity Rules
On July 26, 2023, the Securities Exchange Commission (“SEC”) approved final Rules entitled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (the “Rules”). The Rules require certain cybersecurity incident disclosures on Form 8-K, generally within 4 business days after the determination that a cybersecurity incident is material. Read more.
August 1 2023
Five Action Items to Help You Prepare for the Wave of Privacy Enforcement Starting July 2023
Mark your calendars - July 2023 is an important month for US privacy enforcement. Read more.
June 21 2023
Washington “My Health My Data” Act Dramatically Alters Health Data Compliance Landscape
Washington State’s My Health My Data Act (“the Act”) introduces a sweeping set of obligations for nearly all entities that do business in the state and that handle “consumer health data,” a broad new class of health-related data separate from that regulated by the federal Health Insurance Portability and Accountability Act (“HIPAA”). Read more.
April 24 2023