Monday, May 12, 2008

Ad Program Using State Vehicle Registration Information Did Not Violate Federal Law

This posting was written by Thomas Long, Editor of CCH Privacy Law in Marketing.

A company that contracted with the Florida Department of Highway Safety and Motor Vehicles (DMV) to mail notices to Florida vehicle owners, reminding them to renew vehicle registrations, did not violate the federal Driver's Privacy Protection Act (DPPA) by using information in vehicle owners' registration files to sell targeted advertising that was placed in the envelopes along with the renewals, the federal district court in Jacksonville has decided.

The company's advertising program used a "household view" developed from the vehicle identification numbers, the dates of purchase, and the zip codes for all vehicle-owning households in the participating county to determine which ads to place in each particular envelope.

Carrying Out Government Functions

The DPPA generally prohibits any state DMV from disclosing personal information in motor vehicle records to any person or entity. The DPPA permitted, however, disclosure of such information for use by any government agency in carrying out its functions, or any entity acting on behalf of a federal, state, or local agency in carrying out its functions. This exception would include use of the information by the Florida DMV itself, the court said.

Florida law contemplated that a function of state agencies may be to enter into agreements with vendors who place advertising in government publications in exchange for bearing the costs of production or publication or for compensation. One of the DMV's acknowledged functions was mailing out registration notices, and Florida law specifically allowed the DMV to contract with private vendors to financially support this function with advertising included in the renewal mailings.

Nondisclosure of Information to Advertisers

Unlike the conduct by the Florida DMV that was found violative of the DPPA in the case of Collier v. Dickinson (CCH Privacy Law in Marketing ¶60,109), the advertising program in the current case did not involve disclosure of registrants' personal information to the advertisers, the court noted. That information remained in the control of the DMV and the contractor.

Revenue generated from the disclosure of personal information to the contractor was not used for general purposes; rather, it was used to defray the expense of the renewal process. In addition, the program was directly supervised by DMV officials, who approved each advertisement.

Contractor Acting for DMV

The contractor acted "on behalf of" the DMV, for purposes of the exception, in the court's view. The contractor had contracted with the state to completely redesign, repackage, and administer the mailing of the registration renewal reminders—actions that the contractor could not have taken except while acting "on behalf of" the DMV.

“Making Available” Personal Information

Allowing advertisers to use the DMV envelope to send their ads did not constitute "making available" personal information in violation of the DPPA, the court determined. The term "make available" meant that the information is made available for viewing.

Although the contractor manipulated the information in the DMV's files to allow its sponsors to select certain categories of registrants to receive particular ads, the advertisers were not provided with the registrants' names and addresses. The effect on registrants' privacy was no different than if every registrant received the same ad.

The April 9 decision is In re Imagitas, Inc. Driver's Privacy Protection Act Litigation, CCH Privacy Law in Marketing, ¶60,202.

No comments: