Written by:  Perrie Weiner, Joshua Briones and Kimberly Hyde

In prior posts, I have stated that 2012 appears to be the year of the mobile app.  As the year draws to a close, this continues to be true — indeed, after warning mobile app providers that they must comply with California’s law regarding privacy policies, in December, the California Attorney General brought suit against Delta Airlines alleging that it failed to post a privacy policy that covers its mobile app and that is reasonably accessible from within the mobile app itself.

My colleagues have written an advisory on the recent lawsuit, which follows:  As part of her ongoing campaign to improve transparency regarding data collection through mobile applications, California Attorney General Kamala D. Harris filed a complaint against Delta Air Lines for allegedly failing to post a privacy policy that covers its mobile app and that is reasonably accessible from within the mobile app itself. People v. Delta Air Lines Inc., Cal. Super. Ct., No. CGC-12-526741, filed 12/6/12.

Delta allegedly violated the California Online Privacy Protection Act (OPPA) by collecting personally identifiable information from consumers through its “Fly Delta” mobile app without a reasonably accessible and adequate privacy policy.  The OPPA, which DLA Piper partner Jim Halpert helped to draft, was enacted in 2004. It requires owners of commercial websites to post a privacy policy notifying consumers that their private information may be collected while visiting the site.

Technology has evolved enormously since 2004. The iPhone, so ubiquitous now, was not introduced until 2007, followed by an explosion of mobile apps. The dramatic change has led to a new question: do companies need to post a privacy policy that expressly applies to mobile apps? On February 22, 2012, Attorney General Harris reached an agreement with mobile application platforms in which they agreed to make the privacy policies of app providers readily accessible through their platforms. Then, on October 30, Harris announced that her office would be sending warning letters to mobile application providers that had not posted mobile app privacy policies, notifying them that the OPPA requires them to post privacy policies within 30 days of receipt of the notice.  To read more, click here.