• by Wendy Davis  @wendyndavis, May 10, 2013

In a victory for Delta Air Lines, a state judge in California ruled that the company need not comply with a state law requiring Web site operators to post privacy policies.

San Francisco Superior Court Judge Marla Miller accepted Delta's argument that a federal law governing airlines trumped California's consumer protection laws. Miller's one-paragraph ruling, dated May 9, dismisses with prejudice the lawsuit brought late last year by Attorney General Kamala Harris.

Harris charged Delta with violating the 2003 California Online Privacy Protection Act. That law requires Web site operators that collect personally identifiable information from state residents to display links to privacy policies. Harris sought an injunction banning Delta from continuing to offer the app until it adds a privacy policy, and fines of up to $2,500 per download.

She alleged that even though Delta's Web site has a privacy policy, the document doesn't detail everything collected by the Fly Delta app -- including geolocation data and photos.

Delta argued in its legal papers that the federal Airline Deregulation Act prohibits individual states from “regulating critical business operations,” including airlines' “ability to collect and handle customer information and communicate with customers.” The airline added that the Department of Transportation is the only entity “empowered with regulating airline Web sites, privacy policies, and information practices.”

Harris's office said it is still reviewing the decision and hasn't yet decided whether to appeal.

While the ruling marks a setback for Harris, who has made mobile privacy one of her priorities. But the decision's impact could be fairly limited, due to the unique nature of the airline industry, which is subject to a specific federal deregulation bill.

Last year, Harris persuaded seven companies with app marketplaces -- Google, Apple, Facebook, Research in Motion, Microsoft, Hewlett-Packard and Amazon -- to require apps available on their platforms to have privacy policies. In November, her office notified 100 companies, including Delta, that they risked an enforcement action if they failed to include privacy policies to their apps. Other companies she reportedly warned include OpenTable and United Airlines.