If you choose to use Delta's optional biometric boarding or identity verification programs, Delta collects and processes biometric data such as your facial scan to confirm your identity at the airport.
This analysis describes what Delta Airlines's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Biometric data like facial recognition is among the most sensitive categories of personal information because it is unique, immutable, and cannot be changed if compromised; state laws impose strict requirements around its collection, use, and retention.
Interpretive note: The specific retention periods, vendor arrangements, and written consent mechanisms for Delta's biometric programs are not fully detailed in the visible policy text; the full extent of compliance with state biometric statutes cannot be confirmed from this document alone.
Enrolling in Delta's optional biometric boarding programs means Delta and potentially its technology partners (such as the U.S. Customs and Border Protection or third-party vendors) will collect and retain your facial recognition data, which is governed by state biometric privacy laws in Illinois, Texas, and other states that may confer private rights of action or require specific written consent before collection.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Delta Airlines has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Delta may participate in voluntary programs that use biometric identifiers, such as facial recognition technology, to verify your identity at the airport. Participation in these programs is voluntary, and you may opt out by notifying a Delta representative.— Excerpt from Delta Airlines's Delta Privacy Policy
REGULATORY LANDSCAPE: Biometric data collection engages multiple state statutes, most significantly the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and the Washington My Health MY Data Act. BIPA in particular imposes a private right of action with statutory damages of $1,000 to $5,000 per violation for failure to obtain written consent, publish a retention schedule, or destroy biometric data within required timeframes. The relevant enforcement authorities include state attorneys general and, under BIPA, private plaintiffs. The FTC may also have oversight interest under its unfair practices authority. GOVERNANCE EXPOSURE: High. BIPA has generated significant class action litigation against companies collecting facial recognition data without full statutory compliance, including written informed consent, a publicly available written retention policy, and a destruction schedule. Failure to satisfy each element creates distinct and cumulative statutory exposure. JURISDICTION FLAGS: Illinois creates the highest exposure due to BIPA's private right of action. Texas CUBI and Washington biometric laws impose attorney general enforcement. Additional states are enacting or considering biometric-specific legislation. EU and UK GDPR classify biometric data as a 'special category' requiring explicit consent and heightened processing safeguards, relevant for international travelers using Delta's European-facing sites. CONTRACT AND VENDOR IMPLICATIONS: Where biometric programs involve third-party technology vendors or U.S. government agencies (such as CBP's Biometric Exit program), Delta's contractual relationships with those parties should be reviewed to confirm data processing roles, retention limits, and liability allocation. Vendor contracts should specify that biometric data is used only for the disclosed purpose of identity verification and is deleted within applicable statutory timeframes. COMPLIANCE CONSIDERATIONS: Legal teams should confirm that Delta's biometric program enrollment process includes state-compliant written consent disclosures for Illinois and Texas residents, that a publicly available written biometric data retention and destruction schedule exists and is current, and that data deletion protocols are operationally implemented within required timeframes. Any changes to vendors or processing infrastructure for biometric programs should trigger a data protection impact assessment.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Biometric data like facial recognition is among the most sensitive categories of personal information because it is unique, immutable, and cannot be changed if compromised; state laws impose strict requirements around its collection, use, and retention.
Enrolling in Delta's optional biometric boarding programs means Delta and potentially its technology partners (such as the U.S. Customs and Border Protection or third-party vendors) will collect and retain your facial recognition data, which is governed by state biometric privacy laws in Illinois, Texas, and other states that may confer private rights of action or require specific written consent before …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Delta Airlines.