The Ninth Circuit found, in Howard v. Criminal Information Services, Inc., that the Driver’s Privacy Protection Act (DPPA), 18 U.S.C. §§ 2721–2725, does not prohibit the buying in bulk of state driver databases for future use of the information therein.
Two different groups of plaintiffs had filed suit seeking to represent a class in Oregon and Washington states, seeking damages on the ground that their personal information was obtained by defendants, among them a newspaper company and a company performing background checks, in violation of the DPPA.
The DPPA provides that personal information from state driver license databases can be obtained, disclosed, or used only for certain specified purposes, such as verifying the accuracy of personal information submitted by the individual, or to use in connection with matters of motor vehicle or driver safety and theft.
However, plaintiffs did not complain that the ultimate use of their information was for purposes not permitted by the DPPA, but rather that the DPPA forbids bulk purchasing of driver’s personal information for future use, as future use is not a permitted purpose under the DPPA. Indeed, defendants had not requested driver’s records individually, but instead bought the entire database from the state, for the purpose of “stockpiling” it, a term used by the statute. However, their ultimate use of the information was permitted purposes under the DPPA.
The Ninth Circuit concluded that plaintiffs did not state a claim that stockpiling information for a permitted use is not a violation of the DPPA, as the statute is concerned with the use to which the information is put, not the way it is acquired:
“The DPPA does not contain a temporal requirement for when the information obtained must be used for the permitted purpose. Nor is there a requirement that once the information is obtained for a permitted purpose that it actually be used at all. The DPPA only requires that Defendants obtained the information for a permitted purpose.”