Facts: Congress passed the Driver’s Privacy Protection Act of 1994 to keep state DMVs from selling drivers’ personal information without their consent. The practices of the South Carolina DMV went against the Act. South Carolina Attorney General Condon filed suit against the government, claiming the law was unconstitutional under the Tenth and Eleventh Amendments. The District Court agreed with the state and granted it summary judgment, enjoining the federal government from applying the law. The Court of Appeals upheld the District Court’s decision. The federal government appealed to the U.S. Supreme Court.
Issue: Does the Tenth Amendment forbid the federal government from regulating the activities of state Departments of Motor Vehicles?
Rule: The Tenth Amendment says that the federal government cannot force the states to enact policies or regulations that would impact the state’s citizens. Congress can, however, regulate the activities of the states themselves.
Analysis: The Court first assumes that the statute is constitutional unless proven otherwise. Then the Court accepts the federal government’s argument that the DPPA is a constitutional exercise of Congress’s Commerce Clause power.
The Court then finds that the statute does not violate the Tenth Amendment. The Court accepts that following the rules of the DPPA will require time and effort, but finds that this is not dispositive. There are many other federal regulations that require time and effort for compliance which are constitutional under the Tenth Amendment
Conclusion: The decision of the Court of Appeals is reversed.
Chief Justice Rehnquist delivered the opinion of the Court.
The Driver's Privacy Protection
Act of 1994 (DPPA or Act), 18 U. S. C. §§2721-2725 (1994 ed. and Supp. III),
regulates the disclosure of personal information contained in the records of
state motor vehicle departments (DMVs). We hold that
in enacting this statute Congress did not run afoul of the federalism
principles enunciated in
The DPPA regulates the
disclosure and resale of personal information contained in the records of state
DMVs. State DMVs require
drivers and automobile owners to provide personal information, which may
include a person's name, address, telephone number, vehicle description, Social
Security number, medical information, and photograph, as a condition of
obtaining a driver's license or registering an automobile. Congress found that
many States, in turn, sell this personal information to individuals and
businesses. See, e.g ., 139 Cong.
The DPPA establishes a regulatory scheme that restricts the States' ability to disclose a driver's personal information without the driver's consent. The DPPA generally prohibits any state DMV, or officer, employee, or contractor thereof, from "knowingly disclos[ing] or otherwise mak[ing] available to any person or entity personal information about any individual obtained by the department in connection with a motor vehicle record." 18 U. S. C. §2721(a). The DPPA defines "personal information" as any information "that identifies an individual, including an individual's photograph, social security number, driver identification number, name, address (but not the 5-digit zip code), telephone number, and medical or disability information," but not including "information on vehicular accidents, driving violations, and driver's status." §2725(3). A "motor vehicle record" is defined as "any record that pertains to a motor vehicle operator's permit, motor vehicle title, motor vehicle registration, or identification card issued by a department of motor vehicles." §2725(1).
The DPPA's ban on disclosure of personal information does not apply if drivers have consented to the release of their data. When we granted certiorari in this case, the DPPA provided that a DMV could obtain that consent either on a case-by-case basis or could imply consent if the State provided drivers with an opportunity to block disclosure of their personal information when they received or renewed their licenses and drivers did not avail themselves of that opportunity. §§2721(b)(11), (13), and (d). However, Public Law 106-69, 113 Stat. 986, which was signed into law on October 9, 1999, changed this "opt-out" alternative to an "opt-in" requirement. Under the amended DPPA, States may not imply consent from a driver's failure to take advantage of a state-afforded opportunity to block disclosure, but must rather obtain a driver's affirmative consent to disclose the driver's personal information for use in surveys, marketing, solicitations, and other restricted purposes. See Pub. L. 106-69, 113 Stat. 986 §§350(c), (d), and (e), App. to Supp. Brief for Petitioners 1(a), 2(a).
prohibition of nonconsensual disclosures is also subject to a number of
statutory exceptions. For example, the DPPA requires disclosure of personal
information "for use in connection with matters of motor vehicle or driver
safety and theft, motor vehicle emissions, motor vehicle product alterations,
recalls, or advisories, performance monitoring of motor vehicles and dealers by
motor vehicle manufacturers, and removal of non-owner records from the original
owner records of motor vehicle manufacturers to carry out the purposes of
titles I and IV of the Anti Car Theft Act of 1992, the Automobile Information Disclosure
Act, the Clean Air Act, and chapters 301, 305, and 321-331 of title 49."
The DPPA's provisions do not apply solely to States. The Act also regulates the resale and redisclosure of drivers' personal information by private persons who have obtained that information from a state DMV. 18 U. S. C. §2721(c) (1994 ed. and Supp. III). In general, the Act allows private persons who have obtained drivers' personal information for one of the aforementioned permissible purposes to further disclose that information for any one of those purposes. Ibid. If a State has obtained drivers' consent to disclose their personal information to private persons generally and a private person has obtained that information, the private person may redisclose the information for any purpose. Ibid. Additionally, a private actor who has obtained drivers' information from DMV records specifically for direct-marketing purposes may resell that information for other direct-marketing uses, but not otherwise. Ibid. Any person who rediscloses or resells personal information from DMV records must, for five years, maintain records identifying to whom the records were disclosed and the permitted purpose for the resale or redisclosure. Ibid.
The DPPA establishes several penalties to be imposed on States and private actors that fail to comply with its requirements. The Act makes it unlawful for any "person" knowingly to obtain or disclose any record for a use that is not permitted under its provisions, or to make a false representation in order to obtain personal information from a motor vehicle record. §§2722(a) and (b). Any person who knowingly violates the DPPA may be subject to a criminal fine, §§2723(a), 2725(2). Additionally, any person who knowingly obtains, discloses, or uses information from a state motor vehicle record for a use other than those specifically permitted by the DPPA may be subject to liability in a civil action brought by the driver to whom the information pertains. §2724. While the DPPA defines "person" to exclude States and state agencies, §2725(2), a state agency that maintains a "policy or practice of substantial noncompliance" with the Act maybe subject to a civil penalty imposed by the United States Attorney General of not more than $5,000 per day of substantial noncompliance. §2723(b).
Following the DPPA's enactment,
We of course begin with the
time-honored presumption that the DPPA is a "constitutional exercise of
legislative power." Close v.
But the fact that drivers'
personal information is, in the context of this case, an article in interstate
commerce does not conclusively resolve the constitutionality of the DPPA. In
"While Congress has
substantial powers to govern the Nation directly, including in areas of
intimate concern to the States, the Constitution has never been understood to
confer upon Congress the ability to the require the
States to govern according to Congress' instructions. Coyle v. Smith , 221
In Printz , we invalidated a
provision of the Brady Act which commanded "state and local enforcement
officers to conduct background check on prospective handgun purchasers,"
"We held in
We agree with
"The NGA [National Governor's Association] nonetheless contends that §310 has commandeered the state legislative and administrative process because many state legislatures had to amend a substantial number of statutes in order to issue bonds in registered form and because state officials had to devote substantial effort to determine how best to implement a registered bond system. Such `commandeering' is, however, an inevitable consequence of regulating a state activity. Any federal regulation demands compliance. That a State wishing to engage in certain activity must take administrative and sometimes legislative action to comply with federal standards regulating that activity is a commonplace that presents no constitutional defect." Ibid.
Like the statute at issue in Baker , the DPPA does not require the States in their
sovereign capacity to regulate their own citizens. The DPPA regulates the
States as the owners of databases. It does not require the South Carolina
Legislature to enact any laws or regulations, and it does not require state
officials to assist in the enforcement of federal statutes regulating private
individuals. We accordingly conclude that the DPPA is consistent with the
constitutional principles enunciated in
As a final matter, we turn to
The judgment of the Court of Appeals is therefore
Disclosure is permitted for use "by any government agency" or by "any private person or entity acting on behalf of a Federal, State or local agency in carrying out its functions." 18 U. S. C. §2721(b)(1) (1994 ed. and Supp. III). The Act also allows States to divulge drivers' personal information for any state-authorized purpose relating to the operation of a motor vehicle or public safety, §2721(b)(14); for use in connection with car safety, prevention of car theft, and promotion of driver safety, §2721(b)(2); for use by a business to verify the accuracy of personal information submitted to that business and to prevent fraud or pursue legal remedies if the information that the individual submitted to the business is revealed to have been inaccurate, §2721(b)(3); in connection with court, agency, or self-regulatory body proceedings, §2721(b)(4); for research purposes so long as the information is not further disclosed or used to contact the individuals to whom the data pertain, §2721(b)(5); for use by insurers in connection with claims investigations, antifraud activities, rating or underwriting, §2721(b)(6); to notify vehicle owners that their vehicle has been towed or impounded, §2721(b)(7); for use by licensed private investigative agencies or security services for any purpose permitted by the DPPA, 18 U. S. C. §2721(b)(8); and in connection with private toll transportation services, §2721(b)(10).
In the lower courts, the