If you choose to use Delta's optional biometric boarding or identity verification programs, Delta collects and processes biometric data such as your facial scan to confirm your identity at the airport.
This analysis describes what Delta Airlines's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Biometric data like facial recognition is among the most sensitive categories of personal information because it is unique, immutable, and cannot be changed if compromised; state laws impose strict requirements around its collection, use, and retention.
Interpretive note: The specific retention periods, vendor arrangements, and written consent mechanisms for Delta's biometric programs are not fully detailed in the visible policy text; the full extent of compliance with state biometric statutes cannot be confirmed from this document alone.
Enrolling in Delta's optional biometric boarding programs means Delta and potentially its technology partners (such as the U.S. Customs and Border Protection or third-party vendors) will collect and retain your facial recognition data, which is governed by state biometric privacy laws in Illinois, Texas, and other states that may confer private rights of action or require specific written consent before collection.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Delta Airlines has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Delta may participate in voluntary programs that use biometric identifiers, such as facial recognition technology, to verify your identity at the airport. Participation in these programs is voluntary, and you may opt out by notifying a Delta representative.— Excerpt from Delta Airlines's Delta Privacy Policy
REGULATORY LANDSCAPE: Biometric data collection engages multiple state statutes, most significantly the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and the Washington My Health MY Data Act. BIPA in particular imposes a private right of action with statutory damages of $1,000 to $5,000 per violation for failure to obtain written consent, publish a retention schedule, or destroy biometric data within required timeframes. The relevant enforcement authorities include state attorneys general and, under BIPA, private plaintiffs. The FTC may also have oversight interest under its unfair practices authority. GOVERNANCE EXPOSURE: High. BIPA has generated significant class action litigation against companies collecting facial recognition data without full statutory compliance, including written informed consent, a publicly available written retention policy, and a destruction schedule. Failure to satisfy each element creates distinct and cumulative statutory exposure. JURISDICTION FLAGS: Illinois creates the highest exposure due to BIPA's private right of action. Texas CUBI and Washington biometric laws impose attorney general enforcement. Additional states are enacting or considering biometric-specific legislation. EU and UK GDPR classify biometric data as a 'special category' requiring explicit consent and heightened processing safeguards, relevant for international travelers using Delta's European-facing sites. CONTRACT AND VENDOR IMPLICATIONS: Where biometric programs involve third-party technology vendors or U.S. government agencies (such as CBP's Biometric Exit program), Delta's contractual relationships with those parties should be reviewed to confirm data processing roles, retention limits, and liability allocation. Vendor contracts should specify that biometric data is used only for the disclosed purpose of identity verification and is deleted within applicable statutory timeframes. COMPLIANCE CONSIDERATIONS: Legal teams should confirm that Delta's biometric program enrollment process includes state-compliant written consent disclosures for Illinois and Texas residents, that a publicly available written biometric data retention and destruction schedule exists and is current, and that data deletion protocols are operationally implemented within required timeframes. Any changes to vendors or processing infrastructure for biometric programs should trigger a data protection impact assessment.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Biometric data like facial recognition is among the most sensitive categories of personal information because it is unique, immutable, and cannot be changed if compromised; state laws impose strict requirements around its collection, use, and retention.
Enrolling in Delta's optional biometric boarding programs means Delta and potentially its technology partners (such as the U.S. Customs and Border Protection or third-party vendors) will collect and retain your facial recognition data, which is governed by state biometric privacy laws in Illinois, Texas, and other states that may confer private rights of action or require specific written consent before …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Delta Airlines.