Here’s what happened, according to court documents:
When Andrews bought the Equinox in 2017, he presented the store with his driver’s license, which included his name and post office box address. He also filled out a California Department of Motor Vehicles vehicle transfer form that listed his phone number, street address and post office box.
The store entered the information into its dealership management system, which provided SiriusXM with a record of the sale. Andrews said he didn’t give the store “nor anyone else permission to share his personal information” with SiriusXM, according to the decision. SiriusXM also got his post office box information from the U.S. Postal Service’s national change of address database.
The suit accused SiriusXM of violating the 1994 federal Driver’s Privacy Protection Act, or DPPA, by obtaining his information from motor vehicle records, “most likely the registration documents submitted to the DMV,” and using that information for a “nonpermissible purpose,” namely to sell subscriptions to its radio service. The dealership wasn’t sued.
The DPPA was a congressional response to a “troubling phenomena” of state departments of motor vehicles disclosing or selling drivers’ personal information, which contributed to a “growing threat from stalkers and criminals,” as well as unwanted direct marketing solicitations, the court said.
But unfortunately for Andrews, the DPPA doesn’t cover situations in which a department of motor vehicles isn’t the source that discloses personal information, the court ruled.
“We acknowledge the potential abuses — such as the intrusive behavior Andrews experienced — that can result from exploitation of personal information contained on an individual’s driver’s license,” Smith wrote in his decision.
But, Smith continued, “Andrews concedes that neither [SiriusXM] nor anyone else requested or acquired his information from the California DMV,” and thus “Sirius XM’s conduct, annoying as it might have been” didn’t violate the law.