540
Facts: Congress passed the Driver’s Privacy Protection Act
of 1994 to keep state DMVs from selling drivers’
personal information without their consent.
The practices of the South Carolina DMV went against the Act. South Carolina Attorney General Condon filed
suit against the government, claiming the law was unconstitutional under the Tenth
and Eleventh Amendments. The District Court
agreed with the state and granted it summary judgment, enjoining the federal
government from applying the law. The Court
of Appeals upheld the District Court’s decision. The federal government appealed to the U.S.
Supreme Court.
Issue: Does the Tenth Amendment forbid the federal
government from regulating the activities of state Departments of Motor
Vehicles?
Rule: The Tenth Amendment says that the federal government
cannot force the states to enact policies or regulations that would impact the
state’s citizens. Congress can, however,
regulate the activities of the states
themselves.
Analysis: The Court first assumes that the statute is constitutional
unless proven otherwise. Then the Court accepts
the federal government’s argument that the DPPA is a constitutional exercise of
Congress’s Commerce Clause power.
The Court then finds that the
statute does not violate the Tenth Amendment.
The Court accepts that following the rules of the DPPA will require time
and effort, but finds that this is not dispositive. There are many other federal regulations that
require time and effort for compliance which are constitutional under the Tenth
Amendment
Conclusion: The decision of the Court of Appeals is reversed.
Opinion
Chief Justice Rehnquist delivered
the opinion of the Court.
The Driver's Privacy Protection
Act of 1994 (DPPA or Act), 18 U. S. C. §§2721-2725 (1994 ed. and Supp. III),
regulates the disclosure of personal information contained in the records of
state motor vehicle departments (DMVs). We hold that
in enacting this statute Congress did not run afoul of the federalism
principles enunciated in
The DPPA regulates the
disclosure and resale of personal information contained in the records of state
DMVs. State DMVs require
drivers and automobile owners to provide personal information, which may
include a person's name, address, telephone number, vehicle description, Social
Security number, medical information, and photograph, as a condition of
obtaining a driver's license or registering an automobile. Congress found that
many States, in turn, sell this personal information to individuals and
businesses. See, e.g ., 139 Cong.
The DPPA establishes a
regulatory scheme that restricts the States' ability to disclose a driver's
personal information without the driver's consent. The DPPA generally prohibits
any state DMV, or officer, employee, or contractor thereof, from
"knowingly disclos[ing]
or otherwise mak[ing]
available to any person or entity personal information about any individual
obtained by the department in connection with a motor vehicle record." 18 U. S. C. §2721(a). The DPPA defines "personal
information" as any information "that identifies an individual,
including an individual's photograph, social security number, driver
identification number, name, address (but not the 5-digit zip code), telephone
number, and medical or disability information," but not including
"information on vehicular accidents, driving violations, and driver's
status." §2725(3). A "motor vehicle record" is defined as
"any record that pertains to a motor vehicle operator's permit, motor
vehicle title, motor vehicle registration, or identification card issued by a
department of motor vehicles." §2725(1).
The DPPA's
ban on disclosure of personal information does not apply if drivers have
consented to the release of their data. When we granted certiorari in this
case, the DPPA provided that a DMV could obtain that consent either on a
case-by-case basis or could imply consent if the State provided drivers with an
opportunity to block disclosure of their personal information when they
received or renewed their licenses and drivers did not avail themselves of that
opportunity. §§2721(b)(11), (13), and (d). However,
Public Law 106-69, 113 Stat. 986, which was signed into law on October 9, 1999,
changed this "opt-out" alternative to an "opt-in"
requirement. Under the amended DPPA, States may not imply consent from a
driver's failure to take advantage of a state-afforded opportunity to block
disclosure, but must rather obtain a driver's affirmative consent to disclose
the driver's personal information for use in surveys, marketing, solicitations,
and other restricted purposes. See Pub. L. 106-69, 113 Stat. 986 §§350(c), (d),
and (e), App. to Supp. Brief for Petitioners 1(a), 2(a).
The DPPA's
prohibition of nonconsensual disclosures is also subject to a number of
statutory exceptions. For example, the DPPA requires disclosure of personal
information "for use in connection with matters of motor vehicle or driver
safety and theft, motor vehicle emissions, motor vehicle product alterations,
recalls, or advisories, performance monitoring of motor vehicles and dealers by
motor vehicle manufacturers, and removal of non-owner records from the original
owner records of motor vehicle manufacturers to carry out the purposes of
titles I and IV of the Anti Car Theft Act of 1992, the Automobile Information Disclosure
Act, the Clean Air Act, and chapters 301, 305, and 321-331 of title 49."
18
The DPPA's
provisions do not apply solely to States. The Act also regulates the resale and
redisclosure of drivers' personal information by
private persons who have obtained that information from a state DMV. 18 U. S. C. §2721(c) (1994 ed. and Supp. III). In general,
the Act allows private persons who have obtained drivers' personal information
for one of the aforementioned permissible purposes to further disclose that
information for any one of those purposes. Ibid. If a
State has obtained drivers' consent to disclose their personal information to
private persons generally and a private person has obtained that information,
the private person may redisclose the information for
any purpose. Ibid. Additionally, a private actor who has obtained drivers' information
from DMV records specifically for direct-marketing purposes may resell that
information for other direct-marketing uses, but not otherwise. Ibid. Any person who rediscloses
or resells personal information from DMV records must, for five years, maintain
records identifying to whom the records were disclosed and the permitted
purpose for the resale or redisclosure. Ibid.
The DPPA establishes several
penalties to be imposed on States and private actors that fail to comply with
its requirements. The Act makes it unlawful for any "person"
knowingly to obtain or disclose any record for a use that is not permitted
under its provisions, or to make a false representation in order to obtain
personal information from a motor vehicle record. §§2722(a)
and (b). Any person who knowingly violates the DPPA may be subject to a
criminal fine, §§2723(a), 2725(2). Additionally, any person who knowingly obtains, discloses, or uses information from a state motor
vehicle record for a use other than those specifically permitted by the DPPA
may be subject to liability in a civil action brought by the driver to whom the
information pertains. §2724. While the DPPA defines "person" to
exclude States and state agencies, §2725(2), a state agency that maintains a "policy
or practice of substantial noncompliance" with the Act maybe subject to a
civil penalty imposed by the United States Attorney General of not more than
$5,000 per day of substantial noncompliance. §2723(b).
Following the DPPA's enactment,
We of course begin with the
time-honored presumption that the DPPA is a "constitutional exercise of
legislative power." Close v.
The
But the fact that drivers'
personal information is, in the context of this case, an article in interstate
commerce does not conclusively resolve the constitutionality of the DPPA. In
"While Congress has
substantial powers to govern the Nation directly, including in areas of
intimate concern to the States, the Constitution has never been understood to
confer upon Congress the ability to the require the
States to govern according to Congress' instructions. Coyle v. Smith , 221
In Printz , we invalidated a
provision of the Brady Act which commanded "state and local enforcement
officers to conduct background check on prospective handgun purchasers,"
521
"We held in
We agree with
"The NGA [National
Governor's Association] nonetheless contends that §310 has commandeered the
state legislative and administrative process because many state legislatures
had to amend a substantial number of statutes in order to issue bonds in
registered form and because state officials had to devote substantial effort to
determine how best to implement a registered bond system. Such `commandeering'
is, however, an inevitable consequence of regulating a state activity. Any
federal regulation demands compliance. That a State wishing to engage in
certain activity must take administrative and sometimes legislative action to
comply with federal standards regulating that activity is a commonplace that
presents no constitutional defect." Ibid.
Like the statute at issue in Baker , the DPPA does not require the States in their
sovereign capacity to regulate their own citizens. The DPPA regulates the
States as the owners of databases. It does not require the South Carolina
Legislature to enact any laws or regulations, and it does not require state
officials to assist in the enforcement of federal statutes regulating private
individuals. We accordingly conclude that the DPPA is consistent with the
constitutional principles enunciated in
As a final matter, we turn to
The judgment of the Court of
Appeals is therefore
Reversed.
FOOTNOTES
Footnote 1
Disclosure is permitted for use "by any
government agency" or by "any private person or entity acting on
behalf of a Federal, State or local agency in carrying out its functions."
18 U. S. C. §2721(b)(1) (1994 ed. and Supp. III). The
Act also allows States to divulge drivers' personal information for any
state-authorized purpose relating to the operation of a motor vehicle or public
safety, §2721(b)(14); for use in connection with car safety, prevention of car
theft, and promotion of driver safety, §2721(b)(2); for use by a business to
verify the accuracy of personal information submitted to that business and to
prevent fraud or pursue legal remedies if the information that the individual
submitted to the business is revealed to have been inaccurate, §2721(b)(3); in
connection with court, agency, or self-regulatory body proceedings,
§2721(b)(4); for research purposes so long as the information is not further
disclosed or used to contact the individuals to whom the data pertain,
§2721(b)(5); for use by insurers in connection with claims investigations,
antifraud activities, rating or underwriting, §2721(b)(6); to notify vehicle
owners that their vehicle has been towed or impounded, §2721(b)(7); for use by
licensed private investigative agencies or security services for any purpose
permitted by the DPPA, 18 U. S. C. §2721(b)(8); and in connection with private
toll transportation services, §2721(b)(10).
Footnote 2
In the lower courts, the
Footnote 3