In a blow to California Attorney General Kamala Harris and her campaign to mandate privacy policies for apps, a trial court dismissed her suit against Delta Air Lines in which she alleged that the company failed to post a privacy policy for its mobile app in violation of the California Online Privacy Protection Act.

The suit against Delta was the first filed by the AG’s office as part of its enforcement efforts, which began last year when Harris reached an agreement with the six largest online app providers – Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion. The companies agreed that the Act applies to mobile apps. Facebook signed onto the agreement later in the year.

Harris wasted no time in taking action pursuant to the Act by sending approximately 100 warning letters last October. Recipients – including Delta – were cautioned that they could be sued if they did not bring their apps into compliance within 30 days. Delta failed to do so and was the target of the AG’s first lawsuit.

The complaint alleged that Delta Air Lines’ “Fly Delta” app collects information like a user’s name, phone number, gender, geolocation, passport number, debit or credit information, and e-mail address when a customer uses the app to check in and make flight reservations.

According to the complaint, Delta failed to post a privacy policy when it collected personal information (including names and phone numbers) from state residents. The “Fly Delta” app has been downloaded “millions of times” without a privacy policy, according to the complaint. Despite a privacy policy available on the Delta Web site, it does not reference the app nor is it reasonably accessible to app users, Harris argued.

The suit sought fines of up to $2,500 per download and an injunction banning Delta from continuing to offer the app for download until a privacy policy was added.

But Delta told the court that the federal Airline Deregulation Act, which preempts California’s Privacy Act, prohibits the states from regulating “critical business operations” of airlines, including the ability to collect and handle customer information.

The federal statute, 49 U.S.C. § 41713, provides that a state “may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier that may provide air transportation under this subpart.” Only the Department of Transportation can regulate airline privacy policies and Web sites, Delta argued.

San Francisco Superior Court Judge Marla J. Miller agreed.

At a hearing, Judge Miller said the app fell under the category of Delta’s “services,” according to a report from Bloomberg. “I think that this case is, in effect, an attempt to apply a state law designed to prevent unfair competition, which regulates an airline’s communication with consumers, and I think it’s preempted,” she said at the hearing.

In a subsequent one-paragraph order, Judge Miller dismissed the suit with prejudice.

To read the court’s order in People v. Delta, click here.

Why it matters: The dismissal – with prejudice – may slow the momentum of the AG’s push for privacy policies. An appeal is possible, although a spokesperson for Harris said the office is “reviewing the judge’s ruling” and declined to make any additional comments. The decision itself, however, will be unlikely to impact future suits, as the basis for the ruling – federal law governing airlines – will be irrelevant unless Harris decides to sue another airline.