A month after notifying scores of mobile application developers and companies that they were not in compliance with the state's Online Privacy Protection Act, the California attorney general announced last week that she had filed the first legal action under that law, against Delta Airlines.

California's Online Privacy Protection Act requires "an operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service"—such as a mobile application—to post a privacy policy that contains the elements set out in the act. App owners may be penalized for violating this subdivision if they fail to post a privacy policy within 30 days after being notified of the noncompliance. Meanwhile, developers who post a policy but fail to comply with it may face liability under the state's unfair competition law or Section 5 of the FTC Act for engaging in a deceptive trade practice.

Delta was among the companies notified in October that its app, "Fly Delta," needed a privacy policy. According to the complaint, Delta failed to post a policy despite receipt of the notice.

The complaint alleges that since 2010 Delta has collected app users' names, telephone numbers, email addresses, frequent flyer numbers and pin codes, photographs, and geo-locations, yet does not have a privacy policy in the app itself, in the platform stores from which the app may be downloaded or on Delta's website. (Delta has a privacy policy on its website, but it doesn't mention the app.) The suit seeks to enjoin Delta from distributing its app without a privacy policy and to apply penalties of up to $2,500 for each violation—which could mean $2,500 for each time the non-compliant app was downloaded.

The October notifications and the more recent lawsuit follow an agreement the attorney general reached in February with the leading mobile and social app platforms – Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft and Research in Motion—to ensure that consumers have the opportunity to review an app's privacy policy before they download the app and that there is a consistent location for an app's privacy policy on the application-download screen in the platform store.

Meanwhile, on Monday, the FT issued a new staff report title" Mobile Apps for Kids: Disclosures Still Not Making the Grade," which examines the privacy disclosures and practices of apps offered for children in the Google Play and Apple App stores. The report found little progress since 2011 toward giving parents the information they need to determine what data is being collected from their children and who will have access to it. The report urges all entities in the mobile app industry to accelerate transparency, to incorporate privacy "by design," and to give parents easy-to-understand choices about data collection and sharing through kids' apps.