California Sues Delta Air Lines Over Mobile Privacy

New submitter mrheckman writes "California is suing Delta Air Lines for violation of California's on-line privacy law. Delta failed to 'conspicuously post a privacy policy within their mobile app that informs users of what personally identifiable information is being collected and what will be done with it' after a 30-day notice. Delta's app collects 'substantial personally identifiable information such as a user's full name, telephone number, email address, frequent flyer account number and pin code, photographs, and geo-location.' Why is it we still can't control what permissions an app has on our phones? It's absurd and disturbing that an app for checking flights and baggage demands all of those permissions."

Extraterritoriality in law is strange

[Cytotoxic]

I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy? What about Los Angeles law? Are they subject to that too?

Does Slashdot have to worry about their website complying with Fresno law?

The whole thing just seems a little bit odd. Like when the US goes after foreign-based online gambling companies.

Re:Extraterritoriality in law is strange

It's not strange. The law is very clear. If you place a product in the stream of commerce and it's reasonably expected that a person in Fresno or California then you must comply with the law. If you place an app on Android market you expect the app to be used by people all over the U.S. Therefore comply with California law or make sure you restrict it's use to states other than California.

State laws can have a roll on effect. California is progressive in some environmental legislation. For example, you will find Coca-Cola making changes to it's formula to comply with California and apply it throughout the US. There is absolutely no problem with the way the law is applied in these "Extraterritorial Cases". In fact it protects you and me the customer. If you are a manufacturer in China and you do not expect your product to be sold in US. You also instruct your dealers that the product is only for sale in China with prominent ineffable labeling on your product. Some rouge dealer of yours shipped a container of your product to America. Your will not be subject to the American courts and the court will not have jurisdiction over you.

Conflict of law is a fascinating area. Law isn't really all that bad. Sometimes the economics of delivery makes it bad. In addition, we fail to see law for what it is: a vehicle for changing society.

Absurd? No, not really.

[Anonymous+Psychopath]

Aside from the photos, I can think of a logical reason for each of the other permissions listed.

Name is needed for check-in and boarding pass creation.
Delta will send flight updates via text message, for which a phone number is required. Ditto for email.
Frequent flyer number and PIN code are used to access your Delta account.
Geolocation so it knows which airport you're in.

They should disclose what information they collect as required by law, but the assertion that these permissions are "absurd and disturbing" is ludicrous and obviously the opinion of someone who does not travel often, or is uninterested in utilizing technology tools when they do.