What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: Delta's privacy policy engages the FTC Act through its consumer-facing data practices and disclosures about promotional partner sharing, with the FTC as primary federal enforcement authority. The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) apply to California residents and require specific opt-out rights for sale or sharing of personal information and sensitive personal information disclosures. State biometric privacy statutes, including…

How does Delta Airlines's Delta Privacy Policy affect users?

The policy establishes Delta's authority to collect travel history, payment information, SkyMiles activity, and optionally biometric identifiers, and permits disclosure of this data to promotional and loyalty partners. Participation in biometric boarding or identity programs results in collection and retention of facial recognition or similar biometric data subject to varying state law requirements. The policy establishes consumer options to submit privacy rights requests, opt out of promotiona…

How often is Delta Airlines's Delta Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Delta Airlines updates this document?

Yes. Monitor subscribers ($19/month) can add Delta Airlines to their watchlist and receive same-day email alerts whenever this document or any other Delta Airlines document changes.

CA-D-000629

Delta Privacy Policy

Delta Airlines

Last change detected May 22, 2026 Privacy policy

SHA-256: 9fac3865538459e57b3… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Delta Airlines ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

7 Total

1 High severity

5 Medium severity

1 Low severity

Summary

This document establishes Delta Air Lines' practices for collecting, using, and sharing personal information obtained through flight bookings, the SkyMiles program, and delta.com. The policy authorizes Delta to share personal data with promotional and loyalty partners for marketing purposes, and establishes procedures for collection of biometric identifiers such as facial recognition data through optional biometric boarding programs. The policy provides mechanisms for consumers to submit privacy rights requests and opt out of promotional data sharing through delta.com/us/en/legal/privacy-and-security.

Technical / Legal Breakdown

This document is Delta Air Lines' Privacy and Security Policy, governing the collection, use, sharing, and protection of personal information submitted through delta.com and related services, with the stated basis of providing airline services, administering the SkyMiles loyalty program, and fulfilling legal and regulatory obligations. The policy asserts Delta's right to collect a broad range of personal data including contact information, payment details, travel preferences, biometric identifiers used in voluntary identity verification programs, and behavioral data derived from website and app interactions, and the terms authorize sharing this information with promotional partners, SkyMiles partners, government authorities, and service vendors. Notably, the policy discloses data sharing with promotional partners for marketing purposes and references voluntary participation in biometric programs (such as facial recognition for boarding), which are operationally distinct from typical airline privacy disclosures and warrant independent assessment under state biometric privacy laws; the agreement's assertions about broad sharing with partners may be constrained by applicable federal and state law. The policy engages the FTC Act (unfair or deceptive practices), the California Consumer Privacy Act, and potentially state biometric privacy statutes such as the Illinois Biometric Information Privacy Act and the Texas Capture or Use of Biometric Identifier Act; international travelers served through Delta's localized sites may also trigger GDPR obligations. Material compliance considerations include the adequacy of consent mechanisms for biometric data collection, the specificity of opt-out rights for promotional data sharing, and the scope of data retention practices disclosed in a separate linked retention notice.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 22, 2026

low

What changed Delta updated its privacy policy on May 22, 2026, restructuring how users manage their personal information and privacy rights. The policy previously directed users to a single 'Privacy Requests' form and SkyMiles account deletion page; the updated version breaks this into five numbered subsections: Delete SkyMiles Account, Manage Email Marketing, Manage Tracking, Update Information, and Submit Privacy Requests, with specific instructions for each category. The change also adds explicit language stating that if a privacy request does not appear as an option on the form, it is not currently available in the user's location, and clarifies that users can withdraw previously provided consent using the method described at consent time or through the privacy request form.

Why this matters The updated policy reorganizes how you access and manage your personal information with Delta. Previously, privacy options were described in prose format pointing to a single Privacy Request Form and SkyMiles Help page. The revised policy now lists five distinct categories: Delete SkyMiles Account, Manage Email Marketing, Manage Tracking, Update Information, and Submit Privacy Requests, each with specific instructions. The policy now explicitly states that if your privacy request type does not appear on the form, it is not currently available in your location. You can withdraw consent you previously provided by using the method described when you gave consent or by submitting a privacy request.

View full change record →

Recent Provision Changes May 22, 2026

7 provisions unchanged.

View full change record →

High — 1 provision

Biometric Data Collection for Voluntary Identity Programs Compare →

If you choose to use Delta's optional biometric boarding or identity verification programs, Delta collects and processes biometric data such as your facial scan to confirm your identity at the airport.

Added May 9, 2026 Standard Seen across 284 platforms

Medium — 5 provisions

Promotional Partner Data Sharing Compare →

Delta gives your personal information to marketing partners, such as credit card companies with co-branded Delta cards, so those partners can send you promotional offers.

Added May 7, 2026 Standard Seen across 252 platforms
Government Authority Disclosure Compare →

Delta can share your personal information with law enforcement or government agencies when required by legal process or when Delta believes it is necessary to protect safety or comply with the law.

Added May 9, 2026 Standard Seen across 284 platforms
California Consumer Privacy Rights Compare →

If you live in California, you have specific legal rights under the CCPA and CPRA to see, delete, or opt out of the sharing of your personal information, and Delta cannot penalize you for exercising those rights.

Added May 9, 2026 Standard Seen across 284 platforms
Cookies and Behavioral Tracking Compare →

Delta tracks your browsing behavior on its website and app using cookies and similar tools, and uses that data to personalize content and measure advertising effectiveness.

Added May 7, 2026 Standard Seen across 284 platforms
SkyMiles Loyalty Program Data Use Compare →

Delta uses the data in your SkyMiles account, including your full travel history and partner activity, for program administration, personalized marketing, and sharing with its network of SkyMiles partners.

Added May 9, 2026 Standard Seen across 252 platforms

Low — 1 provision

Data Retention Practices Compare →

Delta keeps your personal data for as long as it needs to, based on business purposes and legal requirements, with specific timeframes set out in a separate linked retention notice.

Added May 9, 2026 Standard Seen across 284 platforms

Monitoring

Delta Airlines has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Biometric Data Collection for Voluntary Identity Programs and similar clauses.

Compare across platforms →