California has long been a leader in privacy legislation. That position was strengthened recently when the California Attorney General filed a first-of-its-kind lawsuit against a company for its failure to include a privacy policy with a smartphone application. The lawsuit, filed on December 6 against Delta Airlines, alleges that the airline violated California law requiring online services to “conspicuously post its privacy policy” by failing to include such a policy with its “Fly Delta” mobile application. This action by the state of California has broad implications to anyone developing or distributing mobile apps.

Background -

In 2004, California enacted the California Online Privacy Protection Act (CalOPPA) requiring commercial operators of websites and online services to conspicuously post detailed privacy policies to enable consumers to understand what personal information is collected by a website and the categories of third parties with which operators share that information. CalOPPA provides that “an operator shall be in violation of this [posting requirement] only if the operator fails to post its policy within 30 days after being notified of noncompliance,” and if the violation is made either (a) knowingly and willingly or (b) negligently and materially. In the case of an online service, “conspicuously posting” a privacy policy requires that the policy be “reasonably accessible…for consumers of the online service.”