In October, California’s Attorney General, Kamala Harris sent letters to 100 app makers (Delta Air Lines among them) who did not incorporate privacy policies with their applications and gave them 30 days to make their privacy policies available or respond to the AG’s letter.
However, the State of California contends in its civil lawsuit against Delta that the application gathers “substantial” personally identifiable information including, “names, phone numbers, email address, frequent-flier numbers, photographs, credit-card numbers and locations.” Since Delta is apparently not adhering to the law, stemming from legislation passed in 2004 and reinforced with the California Online Privacy Protection Act (COPPA), passed in 2012, and the airline did not respond to the Attorney General’s letter, the state filed the first lawsuit in connection with a smartphone application on privacy grounds.
The lawsuit states, "Users of the Fly Delta application do not know what personally identifiable information Delta collects about them, how Delta uses that information, or to whom that information is shared, disclosed, or sold." California is the only state which applies its privacy laws to mobile applications. As the state exerts its influence through this law, other states typically follow suit and adopt similar legislation. For Delta, if it is found to be in violation of this law, it will face fines of $2,500 per non-compliant app downloaded by a California resident.
source: The Wall Street Journal