By Katie W. Johnson
CalOPPA, Cal. Bus. & Prof. Code §§ 22575-22579, requires commercial operators of online services to conspicuously post privacy policies informing users of what personally identifiable information is being collected and how it will be used.
According to the Superior Court of California for the City and County of San Francisco's two-page order, it sustained Delta's demurrer to the complaint. The court did not explain its reasoning behind the ruling, but a comment by Delta clarifies that federal preemption played a role in the court's decision.
“We are pleased the Court has confirmed our view that the California statute does not apply to airlines because it is preempted by federal law,” Paul Skrbec, a Delta spokesman, told BNA May 10. “The protection of customer information is something that Delta takes very seriously.”
The California AG's office is reviewing the decision and has no further comment, Lynda Gledhill, a spokeswoman for the AG's office, told BNA May 10.
Adam Miller, deputy attorney general for the state of California, in San Francisco, represented the state. David J. Schindler and Stefanie C. Hyder, of Latham & Watkins LLP, in Los Angeles, along with Jennifer C. Archie and Drew R. Wisniewski of the firm's Washington office, represented Delta.
The California AG's office has been very active in the mobile privacy space.
In February 2012, six major mobile app developers--Amazon.com Inc., Apple Inc., Google Inc., Hewlett-Packard Co., Microsoft Corp., and Research in Motion Co.--signed an agreement with the California AG, in which they agreed to post privacy policies in their mobile apps on the collection and use of personal information in compliance with CalOPPA (11 PVLR 375, 2/27/12). Facebook Inc. joined the agreement four months later (11 PVLR 999, 6/25/12).
In October 2012, the AG sent formal notification letters to developers whose apps it alleged were not in compliance with CalOPPA and gave them 30 days to comply (11 PVLR 1623, 11/5/12).
The AG's lawsuit against Delta followed two months later. At the time, the AG's office said that Delta was one of the companies that received the noncompliance notice.
In January 2013, the AG issued guidance for mobile app software developers on how to comply with the state's privacy laws (12 PVLR 80, 1/14/13).
Full text of the court's order is available at http://op.bna.com/pl.nsf/r?Open=kjon-97klaa.
To view additional stories from Privacy & Data Security Law Resource Center™ register for a free trial now