California Attorney General Kamala Harris failed in her first attempt to sue a company for failing to post a privacy policy on a mobile app.

Harris alleged that Delta Airlines violated the California Online Privacy Protection Act (“CalOPPA”) by failing to include a privacy policy on its mobile app. The lawsuit, in the California Superior Court in San Francisco, was the first enforcement action under CalOPPA since it came into force in 2004. 

On Thursday, the district court granted Delta’s motion to dismiss the complaint, concluding that the Airline Deregulation Act (ADA) pre-empts the state’s claims. The ADA provides that “a State….may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier.” Courts have construed the scope of preemption by the ADA broadly, and the majority of courts which have considered the issue have held that the ADA preempts the application of state consumer protection laws to airlines. See Morales v. Trans World Airlines, 504 U.S. 374 (1992). The judge decided that the operation of a mobile app for air travel services is “related to price, route or service of an air carrier” and thus agreed with Delta’s argument that the California AG’s claim is pre-empted.

This will be a relief for the already heavily regulated airline industry. Airlines already look to State law for examples of best practices, but managing to the ever evolving and often conflicting State laws on privacy as well as the DOT’s regulations (not forgetting the data requirements of the FAA, TSA, CBP and foreign governments) would have been a double burden. This case appears to confirm that the DOT, not the States, regulates privacy practices by airlines.

Harris has stated that she plans to police mobile app privacy using CalOPPA. Her office released a set of best practices for mobile app privacy policies in January, a month before the Federal Trade Commission released its own mobile app guidelines. But considering federal regulators’ interest in the issue, it is debatable whether, like the Delta case, such matters are better left for enforcement at the Federal level.

Delta added a prominent link to its privacy policy on the home screen of the Fly Delta App not long after the filing of the suit and has had a public privacy policy on its main Web site all along.

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Nigel Howard Nigel Howard

For over 30 years Nigel Howard has specialized in technology transactions such as M&A, strategic alliances, licensing, distribution agreements and outsourcing. Clients range from start-ups and emerging companies to international corporations. He has led negotiations of billion dollar service agreements that were critical…

For over 30 years Nigel Howard has specialized in technology transactions such as M&A, strategic alliances, licensing, distribution agreements and outsourcing. Clients range from start-ups and emerging companies to international corporations. He has led negotiations of billion dollar service agreements that were critical to his client, and successfully handled the intellectual property and data issues on over 250 venture capital and M&A transactions.

Nigel is a “tremendous attorney” singled out for his detail-oriented approach, according to clients interviewed by Chambers and Partners. Peer commentators note his admirable commercial awareness, which achieves business-focused results, often in the most challenging of circumstances. He uses his extensive experience with IP and technology to advise on the commercial imperatives underlying these agreements.

Nigel has been ranked by Chambers Global, Chambers USA, Legal 500, Best Lawyers in America, and Who’s Who in American Law. He is frequent speaker on AI, data, distribution, and technology legal issues. His past and current clients include American Airlines, the American Bankers Association, American Express, AstraZeneca, British Airways, Brown Brothers Harriman, Cathay Pacific, Cisco, CoBank, DoubleClick, Etihad, HPE, Farelogix, Iberia, Mars, Merck, Merrill Lynch, Microsoft, NCR, the NFL, Novartis, P&G, Philippine Airlines, Promontory Financial, Singapore Airlines, Teva, TouchTunes, UBS, and Wyeth.