On Thursday, the district court granted Delta’s motion to dismiss the complaint, concluding that the Airline Deregulation Act (ADA) pre-empts the state’s claims. The ADA provides that “a State….may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier.” Courts have construed the scope of preemption by the ADA broadly, and the majority of courts which have considered the issue have held that the ADA preempts the application of state consumer protection laws to airlines. See Morales v. Trans World Airlines, 504 U.S. 374 (1992). The judge decided that the operation of a mobile app for air travel services is “related to price, route or service of an air carrier” and thus agreed with Delta’s argument that the California AG’s claim is pre-empted.
This will be a relief for the already heavily regulated airline industry. Airlines already look to State law for examples of best practices, but managing to the ever evolving and often conflicting State laws on privacy as well as the DOT’s regulations (not forgetting the data requirements of the FAA, TSA, CBP and foreign governments) would have been a double burden. This case appears to confirm that the DOT, not the States, regulates privacy practices by airlines.
Harris has stated that she plans to police mobile app privacy using CalOPPA. Her office released a set of best practices for mobile app privacy policies in January, a month before the Federal Trade Commission released its own mobile app guidelines. But considering federal regulators’ interest in the issue, it is debatable whether, like the Delta case, such matters are better left for enforcement at the Federal level.