California Court Dismisses Complaint Alleging Airline Privacy Violations
Can states regulate an airline's online and/or mobile application privacy policies? A California court has said the answer is no. In a victory for airlines, the Superior Court of California dismissed with prejudice a complaint against Delta Air Lines filed by the California Attorney General that alleged violations of the California Online Privacy Protection Act (CalOPPA). The order cites "the reasons set forth in Delta's papers" as grounds for the decision, endorsing, among other things, Delta's position that the Airline Deregulation Act preempts CalOPPA and that the federal government alone has the authority to regulate airline privacy policies. Judge Marla Miller explained the court's ruling in California v. Delta Air Lines, Cal. Super. Ct., No. CGC 12-526741, noting that "this case is, in effect, an attempt to apply a state law designed to prevent unfair competition, which regulates an airline's communication with consumers, and I think it's pre-empted."
The state of California has aggressively pursued its mobile application privacy policies in recent months. Following an agreement with Google, Apple, Amazon, and other major app developers, the State Attorney General issued guidance last January on what it expects by way of privacy from mobile applications. The safe harbor carved out by the Act remains unique to the airline industry. The ruling is limited to the commercial aviation industry. Whether and how it might be extended to other industries, including federally regulated ones, is unknown at this time. California is not alone in focusing on privacy and data security. With the rise in reported data breaches, companies operating in all states will need to pay close attention to state and federal privacy requirements.
For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.