The Atlanta-based carrier failed to "conspicuously" post a policy disclosure in either its application, in application stores or on its website within 30 days of being notified that it was in non-compliance of state law on 26 October, according to the lawsuit filed with San Francisco Superior Court.
The lawsuit alleges that Delta violated the 2004 California Online Privacy Protection Act by not providing a privacy disclosure to users of its applications, Fly Delta, on what personal data was being collected and how it was being used. Data collected includes full names, telephone numbers, email addresses, frequent flier numbers, photographs and locations.
"Losing your personal privacy should not be the cost of using mobile apps, but all too often it is," says Kamala Harris, attorney general of California and an elected official. "California law is clear that mobile apps collecting personal information need privacy policies, and that the users of those apps deserve to know what is being done with their personal information."
Delta declines to comment.
The airline could face penalties of up to $2,500 per violation if it is found guilty.
The California attorney general's office says that the court will have to define what constitutes a violation, as the law does not define the measure.
Other airlines, including Alaska Airlines, American Airlines, JetBlue Airways, Southwest Airlines and United Airlines, also offer applications to users of mobile devices. United reportedly also received a letter from the attorney general's office.
The California attorney general's office declines to comment on whether other air carriers received noncompliance letters.