In discussing this agreement, the Attorney General’s office emphasized that the agreement “is designed to ensure that mobile apps comply with the California Online Privacy Protection Act of 2003 (CalOPPA or the Act). Id. CalOPPA was signed by the Governor of California in October 2003 and went into effect on July 1, 2004. The legislation was designed to impose strict new standards on companies operating websites or online services regarding transparency in the way that user information is used.
Companies need to be proactive about their compliance with CalOPPA, as the Act is easily violated and potentially very expensive. First, the types of personally identifiable information encompass more than one might think, including not only a user’s social security number and home address but also the current location of the user’s mobile device, email address, telephone number, and any other identifier that permits the physical or online contacting of a specific individual.
Second, your business does not have to be located in California for your app to expose you to liability— Delta Air Lines is incorporated in Delaware and headquartered in Georgia. The Act merely requires that your service collects personally identifiable information of “individual consumers residing in California.” It is also very likely that other states will soon be targeting mobile apps as well as an arena in which to enforce their consumer protection laws.
Finally, companies need to make sure that their app developers are providing privacy policies that actually match the privacy practices of the company. Also, it is important to remember that the Act can be applied to applications that run inside of social media sites, such as Facebook.
The Delta Case
On December 6, 2012, Attorney General Harris filed suit against Delta Air Lines in San Francisco Superior Court under California’s Unfair Competition Law for violation of CalOPPA. Delta provides a mobile app called “Fly Delta” allowing users to check-in for a flight, view reservations, pay for checked baggage, access their frequent flyer information, take photographs to help remember where they parked, and find nearby “Delta Sky Clubs.”
Is Your Company’s Policy in Compliance?