Although Delta is incorporated in Delaware and headquartered in Georgia, the state of California asserts jurisdiction over it because it maintains a presence at airports in at least thirteen California cities. CalOPPA only applies to users residing in the state, and Delta’s app is available for download to those users. The mere availability of an online service within a state does not, by itself, give a court jurisdiction over the business providing that service, but the growth of web-based services has also led to a growth in creative jurisdictional arguments. Delta’s physical presence in California may have made the issue simple in their case, but companies may face liability in unfamiliar jurisdictions for online-related laws in the future.
Most states do not have statutes comparable to CalOPPA. Texas, for example, has no statutes regulating the privacy of personal information online, except regarding government web sites. At the federal level, the Children’s Online Privacy Protection Act (COPPA) applies to businesses nationwide that collect personal information from children under the age of thirteen. The scope of the law may be narrower than California’s law, but its requirements are stricter, including notices to parents identifying the types of information gathered, and procedures to allow parents to review and remove information about their children. Recent amendments to COPPA expand its scope to include businesses that have “actual knowledge” that they collect personal information from children, and not just online services expressly directed at children.