RENO, ATTORNEY GENERAL, et al. v. CONDON, ATTORNEY GENERAL OF SOUTH CAROLINA, et al.
certiorari to the united states court of appeals for the fourth circuit
No. 98-1464. Argued November 10, 1999--Decided January 12, 2000
State departments of motor vehicles (DMVs) require drivers and automobile owners to provide personal information, which may include a person's name, address, telephone number, vehicle description, Social Security number, medical information, and photograph, as a condition of obtaining a driver's license or registering an automobile. Finding that many States sell this information to individuals and businesses for significant revenues, Congress enacted the Driver's Privacy Protection Act of 1994 (DPPA), which establishes a regulatory scheme that restricts the States' ability to disclose a driver's personal information without the driver's consent. South Carolina law conflicts with the DPPA's provisions. Following the DPPA's enactment, South Carolina and its Attorney General filed this suit, alleging that the DPPA violates the Tenth and Eleventh Amendments to the United States Constitution. Concluding that the DPPA is incompatible with the principles of federalism inherent in the Constitution's division of power between the States and the Federal Government, the District Court granted summary judgment for the State and permanently enjoined the DPPA's enforcement against the State and its officers. The Fourth Circuit affirmed, concluding that the Act violates constitutional principles of federalism.
Held: In enacting the DPPA, Congress did not run afoul of the federalism principles enunciated in New York v . United States , 505 U. S. 144 , and Printz v . United States , 521 U. S. 898 . The Federal Government correctly asserts that the DPPA is a proper exercise of Congress' authority to regulate interstate commerce under the Commerce Clause, U. S. Const., Art. I, §8, cl. 3. The motor vehicle information which the States have historically sold is used by insurers, manufacturers, direct marketers, and others engaged in interstate commerce to contact drivers with customized solicitations. The information is also used in the stream of interstate commerce by various public and private entities for matters related to interstate motoring. Because drivers' personal, identifying information is, in this context, an article of commerce, its sale or release into the interstate stream of business is sufficient to support congressional regulation. See United States v. Lopez , 514 U. S. 549 , 558-559. This does not conclusively resolve the DPPA's constitutionality because in New York and Printz the Court held that federal statutes were invalid, not because Congress lacked legislative authority over the subject matter, but because those statutes violated Tenth Amendment federalism principles. However, the DPPA does not violate those principles. This case is instead governed by South Carolina v. Baker , 485 U. S. 505 , in which a statute prohibiting States from issuing unregistered bonds was upheld because it regulated state activities, rather than seeking to control or influence the manner in which States regulated private parties, id., at 514-515. Like that statute, the DPPA does not require the States in their sovereign capacity to regulate their own citizens; rather, it regulates the States as the owners of databases. It does not require the South Carolina Legislature to enact any laws or regulations, as did the statute at issue in New York , and it does not require state officials to assist in the enforcement of federal statutes regulating private individuals, as did the law considered in Printz . Thus, the DPPA is consistent with the principles set forth in those cases. The Court need not address South Carolina's argument that the DPPA unconstitutionally regulates the States exclusively rather than by means of a generally applicable law. The DPPA is generally applicable because it regulates the universe of entities that participate as suppliers to the market for motor vehicle information--the States as initial suppliers of the information in interstate commerce and private resellers or redisclosers of that information in commerce. Pp. 6-10.
155 F. 3d 453, reversed.
Rehnquist, C. J., delivered the opinion for a unanimous Court.
JANET RENO, ATTORNEY GENERAL,
ATTORNEY GENERAL OF SOUTH
CAROLINA, et al.
on writ of certiorari to the united states court of appeals for the fourth circuit
[January 12, 2000]
Chief Justice Rehnquist delivered the opinion of the Court.
The Driver's Privacy Protection Act of 1994 (DPPA or Act), 18 U. S. C. §§2721-2725 (1994 ed. and Supp. III), regulates the disclosure of personal information contained in the records of state motor vehicle departments (DMVs). We hold that in enacting this statute Congress did not run afoul of the federalism principles enunciated in New York v . United States , 505 U. S. 144 (1992), and Printz v . United States , 521 U. S. 898 (1997).
The DPPA regulates the disclosure and resale of personal information contained in the records of state DMVs. State DMVs require drivers and automobile owners to provide personal information, which may include a person's name, address, telephone number, vehicle description, Social Security number, medical information, and photograph, as a condition of obtaining a driver's license or registering an automobile. Congress found that many States, in turn, sell this personal information to individuals and businesses. See, e.g ., 139 Cong. Rec. 29466, 29468, 29469 (1993); 140 Cong. Rec. 7929 (1994) (remarks of Rep. Goss). These sales generate significant revenues for the States. See Travis v. Reno , 163 F. 3d 1000, 1002 (CA7 1998) (noting that the Wisconsin Department of Transportation receives approximately $8 million each year from the sale of motor vehicle information).
The DPPA establishes a regulatory scheme that restricts the States' ability to disclose a driver's personal information without the driver's consent. The DPPA generally prohibits any state DMV, or officer, employee, or contractor thereof, from "knowingly disclos[ing] or otherwise mak[ing] available to any person or entity personal information about any individual obtained by the department in connection with a motor vehicle record." 18 U. S. C. §2721(a). The DPPA defines "personal information" as any information "that identifies an individual, including an individual's photograph, social security number, driver identification number, name, address (but not the 5-digit zip code), telephone number, and medical or disability information," but not including "information on vehicular accidents, driving violations, and driver's status." §2725(3). A "motor vehicle record" is defined as "any record that pertains to a motor vehicle operator's permit, motor vehicle title, motor vehicle registration, or identification card issued by a department of motor vehicles." §2725(1).
The DPPA's ban on disclosure of personal information does not apply if drivers have consented to the release of their data. When we granted certiorari in this case, the DPPA provided that a DMV could obtain that consent either on a case-by-case basis or could imply consent if the State provided drivers with an opportunity to block disclosure of their personal information when they received or renewed their licenses and drivers did not avail themselves of that opportunity. §§2721(b)(11), (13), and (d). However, Public Law 106-69, 113 Stat. 986, which was signed into law on October 9, 1999, changed this "opt-out" alternative to an "opt-in" requirement. Under the amended DPPA, States may not imply consent from a driver's failure to take advantage of a state-afforded opportunity to block disclosure, but must rather obtain a driver's affirmative consent to disclose the driver's personal information for use in surveys, marketing, solicitations, and other restricted purposes. See Pub. L. 106-69, 113 Stat. 986 §§350(c), (d), and (e), App. to Supp. Brief for Petitioners 1(a), 2(a).
The DPPA's prohibition of nonconsensual disclosures is also subject to a number of statutory exceptions. For example, the DPPA requires disclosure of personal information "for use in connection with matters of motor vehicle or driver safety and theft, motor vehicle emissions, motor vehicle product alterations, recalls, or advisories, performance monitoring of motor vehicles and dealers by motor vehicle manufacturers, and removal of non-owner records from the original owner records of motor vehicle manufacturers to carry out the purposes of titles I and IV of the Anti Car Theft Act of 1992, the Automobile Information Disclosure Act, the Clean Air Act, and chapters 301, 305, and 321-331 of title 49." 18 U. S. C. §2721(b) (1994 ed., Supp. III) (citations omitted). The DPPA permits DMVs to disclose personal information from motor vehicle records for a number of purposes. 1
The DPPA's provisions do not apply solely to States. The Act also regulates the resale and redisclosure of drivers' personal information by private persons who have obtained that information from a state DMV. 18 U. S. C. §2721(c) (1994 ed. and Supp. III). In general, the Act allows private persons who have obtained drivers' personal information for one of the aforementioned permissible purposes to further disclose that information for any one of those purposes. Ibid. If a State has obtained drivers' consent to disclose their personal information to private persons generally and a private person has obtained that information, the private person may redisclose the information for any purpose. Ibid. Additionally, a private actor who has obtained drivers' information from DMV records specifically for direct-marketing purposes may resell that information for other direct-marketing uses, but not otherwise. Ibid. Any person who rediscloses or resells personal information from DMV records must, for five years, maintain records identifying to whom the records were disclosed and the permitted purpose for the resale or redisclosure. Ibid.
The DPPA establishes several penalties to be imposed on States and private actors that fail to comply with its requirements. The Act makes it unlawful for any "person" knowingly to obtain or disclose any record for a use that is not permitted under its provisions, or to make a false representation in order to obtain personal information from a motor vehicle record. §§2722(a) and (b). Any person who knowingly violates the DPPA may be subject to a criminal fine, §§2723(a), 2725(2). Additionally, any person who knowingly obtains, discloses, or uses information from a state motor vehicle record for a use other than those specifically permitted by the DPPA may be subject to liability in a civil action brought by the driver to whom the information pertains. §2724. While the DPPA defines "person" to exclude States and state agencies, §2725(2), a state agency that maintains a "policy or practice of substantial noncompliance" with the Act maybe subject to a civil penalty imposed by the United States Attorney General of not more than $5,000 per day of substantial noncompliance. §2723(b).
South Carolina law conflicts with the DPPA's provisions. Under that law, the information contained in the State's DMV records is available to any person or entity that fills out a form listing the requester's name and address and stating that the information will not be used for telephone solicitation. S. C. Code Ann. §§56-3-510 to 56-3-540 (Supp. 1998). South Carolina's DMV retains a copy of all requests for information from the State's motor vehicle records, and it is required to release copies of all requests relating to a person upon that person's written petition. §56-3-520. State law authorizes the South Carolina DMV to charge a fee for releasing motor vehicle information, and it requires the DMV to allow drivers to prohibit the use of their motor vehicle information for certain commercial activities. §§56-3-530, 56-3-540.
Following the DPPA's enactment, South Carolina and its Attorney General, respondent Condon, filed suit in the United States District Court for the District of South Carolina, alleging that the DPPA violates the Tenth and Eleventh Amendments to the United States Constitution. The District Court concluded that the Act is incompatible with the principles of federalism inherent in the Constitution's division of power between the States and the Federal Government. The court accordingly granted summary judgment for the State and permanently enjoined the Act's enforcement against the State and its officers. See 972 F. Supp. 977, 979 (1997). The Court of Appeals for the Fourth Circuit affirmed, concluding that the Act violates constitutional principles of federalism. See 155 F. 3d 453 (1998). We granted certiorari, 526 U. S. 1111 (1999), and now reverse.
We of course begin with the time-honored presumption that the DPPA is a "constitutional exercise of legislative power." Close v. Glenwood Cemetery , 107 U. S. 466, 475 (1883); see also INS v. Chadha , 462 U. S. 919, 944 (1983).
The United States asserts that the DPPA is a proper exercise of Congress' authority to regulate interstate commerce under the Commerce Clause, U. S. Const., Art. I, §8, cl. 3. 2 The United States bases its Commerce Clause argument on the fact that the personal, identifying information that the DPPA regulates is a "thin[g] in interstate commerce," and that the sale or release of that information in interstate commerce is therefore a proper subject of congressional regulation. United States v. Lopez , 514 U. S. 549, 558-559 (1995)). We agree with the United States' contention. The motor vehicle information which the States have historically sold is used by insurers, manufacturers, direct marketers, and others engaged in interstate commerce to contact drivers with customized solicitations. The information is also used in the stream of interstate commerce by various public and private entities for matters related to interstate motoring. Because drivers' information is, in this context, an article of commerce, its sale or release into the interstate stream of business is sufficient to support congressional regulation. We therefore need not address the Government's alternative argument that the States' individual, intrastate activities in gathering, maintaining, and distributing drivers' personal information has a sufficiently substantial impact on interstate commerce to create a constitutional base for federal legislation.
But the fact that drivers' personal information is, in the context of this case, an article in interstate commerce does not conclusively resolve the constitutionality of the DPPA. In New York and Printz , we held federal statutes invalid, not because Congress lacked legislative authority over the subject matter, but because those statutes violated the principles of federalism contained in the Tenth Amendment. In New York , Congress commandeered the state legislative process by requiring a state legislature to enact a particular kind of law. We said:
"While Congress has substantial powers to govern the Nation directly, including in areas of intimate concern to the States, the Constitution has never been understood to confer upon Congress the ability to the require the States to govern according to Congress' instructions. Coyle v. Smith , 221 U. S. 559, 565 (1911)." 505 U. S., at 162 .
In Printz , we invalidated a provision of the Brady Act which commanded "state and local enforcement officers to conduct background check on prospective handgun purchasers," 521 U. S., at 902 . We said:
"We held in New York that Congress cannot compel the States to enact or enforce a federal regulatory program. Today we hold that Congress cannot circumvent that prohibition by conscripting the States' officers directly. The Federal Government may neither issue directives requiring the States to address particular problems, nor command the States' officers, or those of their political subdivisions, to administer or enforce a federal regulatory program." Id., at 935.
South Carolina contends that the DPPA violates the Tenth Amendment because it "thrusts upon the States all of the day-to-day responsibility for administering its complex provisions," Brief for Respondents 10, and thereby makes "state officials the unwilling implementors of federal policy," id. , at 11. 3 South Carolina emphasizes that the DPPA requires the State's employees to learn and apply the Act's substantive restrictions, which are summarized above, and notes that these activities will consume the employees' time and thus the State's resources. South Carolina further notes that the DPPA's penalty provisions hang over the States as a potential punishment should they fail to comply with the Act.
We agree with South Carolina's assertion that the DPPA's provisions will require time and effort on the part of state employees, but reject the State's argument that the DPPA violates the principles laid down in either New York or Printz . We think, instead, that this case is governed by our decision in South Carolina v. Baker , 485 U. S. 505 (1988). In Baker , we upheld a statute that prohibited States from issuing unregistered bonds because the law "regulate[d] state activities," rather than "seek[ing] to control or influence the manner in which States regulate private parties." Id. , at 514-515. We further noted:
"The NGA [National Governor's Association] nonetheless contends that §310 has commandeered the state legislative and administrative process because many state legislatures had to amend a substantial number of statutes in order to issue bonds in registered form and because state officials had to devote substantial effort to determine how best to implement a registered bond system. Such `commandeering' is, however, an inevitable consequence of regulating a state activity. Any federal regulation demands compliance. That a State wishing to engage in certain activity must take administrative and sometimes legislative action to comply with federal standards regulating that activity is a commonplace that presents no constitutional defect." Ibid.
Like the statute at issue in Baker , the DPPA does not require the States in their sovereign capacity to regulate their own citizens. The DPPA regulates the States as the owners of databases. It does not require the South Carolina Legislature to enact any laws or regulations, and it does not require state officials to assist in the enforcement of federal statutes regulating private individuals. We accordingly conclude that the DPPA is consistent with the constitutional principles enunciated in New York and Printz .
As a final matter, we turn to South Carolina's argument that the DPPA is unconstitutional because it regulates the States exclusively. The essence of South Carolina's argument is that Congress may only regulate the States by means of "generally applicable" laws, or laws that apply to individuals as well as States. But we need not address the question whether general applicability is a constitutional requirement for federal regulation of the States, because the DPPA is generally applicable. The DPPA regulates the universe of entities that participate as suppliers to the market for motor vehicle information--the States as initial suppliers of the information in interstate commerce and private resellers or redisclosers of that information in commerce.
The judgment of the Court of Appeals is therefore
Disclosure is permitted for use "by any government agency" or by "any private person or entity acting on behalf of a Federal, State or local agency in carrying out its functions." 18 U. S. C. §2721(b)(1) (1994 ed. and Supp. III). The Act also allows States to divulge drivers' personal information for any state-authorized purpose relating to the operation of a motor vehicle or public safety, §2721(b)(14); for use in connection with car safety, prevention of car theft, and promotion of driver safety, §2721(b)(2); for use by a business to verify the accuracy of personal information submitted to that business and to prevent fraud or pursue legal remedies if the information that the individual submitted to the business is revealed to have been inaccurate, §2721(b)(3); in connection with court, agency, or self-regulatory body proceedings, §2721(b)(4); for research purposes so long as the information is not further disclosed or used to contact the individuals to whom the data pertain, §2721(b)(5); for use by insurers in connection with claims investigations, antifraud activities, rating or underwriting, §2721(b)(6); to notify vehicle owners that their vehicle has been towed or impounded, §2721(b)(7); for use by licensed private investigative agencies or security services for any purpose permitted by the DPPA, 18 U. S. C. §2721(b)(8); and in connection with private toll transportation services, §2721(b)(10).
In the lower courts, the United States also asserted that the DPPA was lawfully enacted pursuant to Congress' power under §5 of the Fourteenth Amendment. See 155 F. 3d 453, 463-465 (1998); 972 F. Supp. 977-979, 986-992 (1997). The District Court and Court of Appeals rejected that argument. See 155 F. 3d, at 465; 972 F. Supp., at 992. The United States' petition for certiorari and briefs to this Court do not address the §5 issue and, at oral argument, the Solicitor General expressly disavowed any reliance on it.
South Carolina has not asserted that it does not participate in the interstate market for personal information. Rather, South Carolina asks that the DPPA be invalidated in its entirety, even as it is applied to the States acting purely as commercial sellers.