Court: District Court, D. Minnesota; January 11, 2015; Federal District Court
Chief Judge Michael J. Davis issued an order based on the Report and Recommendation from Magistrate Judge Tony N. Leung, dated December 19, 2014, regarding motions from the Cities of Saint Paul and Minneapolis. The motions for judgment on the pleadings, summary judgment, and motions to sever from both cities were partially granted and partially denied as moot. The case involves claims by the Plaintiff under the Driver’s Privacy Protection Act (DPPA), 42 U.S.C. § 1983, and common law, concerning unauthorized access to her driver’s license information. This lawsuit is part of a series of similar actions in the district alleging illegal access to personal data. The report references a prior recommendation regarding other dispositive motions and discusses the nature of the database involved, the unauthorized access incidents related to the Plaintiff's private information, and the broader context of the ongoing litigation.
Plaintiff claims that officers affiliated with the Cities of St. Paul and Minneapolis unlawfully accessed her private data multiple times, specifically four times by St. Paul and nine times by Minneapolis. The legal basis for the claims includes violations of the Driver's Privacy Protection Act (DPPA), 42 U.S.C. § 1983, and common law. In Count I, Plaintiff asserts a DPPA violation; in Count II, she alleges that individual City employees infringed her Fourth and Fourteenth Amendment rights under § 1983. Count III contends that the Cities exhibited deliberate indifference to her constitutional rights by failing to address the unauthorized access of her private data, which violated their regulations due to inadequate training and supervision. Count VI alleges a common law invasion of privacy.
The Cities have filed a motion for judgment on the pleadings under Fed. R. Civ. P. 12(c). Such a motion is appropriate if no material facts remain in dispute and the movant is entitled to judgment as a matter of law. The standard for this motion aligns with that of a motion to dismiss under Rule 12(b)(6), requiring the complaint to present sufficient factual allegations that support a plausible claim for relief. The court will accept all factual allegations from the nonmoving party as true and will grant reasonable inferences in their favor. The Plaintiff's allegations target the Cities, their law enforcement employees, and supervisors regarding the unauthorized access of her private data, which includes sensitive personal information from her driver's license.
Plaintiff claims that her private information was accessed without authorization by entering her name into a database, rather than her license plate number. She asserts that the Cities had no lawful reason for these accesses, which were conducted for personal reasons by employees not related to their law enforcement duties. Moreover, she contends that the Cities’ supervisors failed to monitor and prevent this unauthorized access, and that the Cities either permitted or ignored this illegal activity, despite having knowledge or reason to know it was occurring.
The Cities argue that Plaintiff's claims are barred by the statute of limitations, noting the absence of specific dates for the alleged accesses in the Complaint. Although an attached audit reveals access days, the corresponding access dates are missing. After filing her claims, Plaintiff provided spreadsheets to the Cities detailing the dates and times of the alleged accesses. The legal question arises as to whether the Court will consider these supplemental spreadsheets when evaluating the Cities' motions to dismiss. Generally, under Rule 12(b)(6), courts do not consider materials outside the pleadings but may include public records or documents that are integral to the complaint. The court has discretion in deciding whether to accept such materials in relation to the motion.
The Court has decided to disregard the spreadsheets submitted by the Cities in support of their motions for judgment on the pleadings. The discrepancies between the alleged accesses outlined in the Complaint and those in the respective Exhibits (Exhibit B for St. Paul and Exhibit 2 for Minneapolis) indicate different dates for the alleged accesses, with no explanation provided by the Plaintiff. The Court concludes that the actual dates of access are irrelevant since the Plaintiff has not sufficiently stated a claim against the Cities. Additionally, the complexities regarding statutes of limitation are noted, particularly concerning the Plaintiff's earlier inquiries to the Department of Public Safety (DPS) about her private data access, which began in 2011. The Court opts not to address the statutes of limitation issues.
The primary argument from the Cities is that the Complaint lacks facts that would suggest any impermissible use of private data by them or their employees. They contend that simple viewing of private data is not actionable under the Driver's Privacy Protection Act (DPPA). The Cities claim the Complaint does not specify how any access was improper. In contrast, the Plaintiff asserts that she is not required to demonstrate that the access was for an impermissible purpose, but rather that the access was not conducted in accordance with the functions of the agency as defined under section 2721(b)(1) of the DPPA.
Plaintiff asserts that she does not need to specify the exact purpose for which Defendant obtained or used her information, only that it was not a permitted purpose under the relevant statute. Citing Mallak v. Aitkin County, Plaintiff claims that the DPPA's requirement of "obtaining" information is met by merely "viewing" or "accessing" it. To establish a claim under the DPPA, a plaintiff must demonstrate that a defendant knowingly obtained, disclosed, or used personal information from a motor vehicle record for an impermissible purpose. The Court indicates that it need not define what constitutes "knowingly" in this context, as Plaintiff has not claimed that any disclosure by the Cities was knowingly for an impermissible purpose under the DPPA.
The Court emphasizes that liability under the DPPA requires knowledge that the information was obtained for a purpose outside permissible uses. It agrees with prior rulings that a plaintiff must allege the information was obtained for an impermissible purpose and notes that Plaintiff has not provided new arguments or sufficient individual allegations against the Cities. Although she alleges that all defendants accessed her data for "personal reasons" unrelated to lawful functions, her claims must be evaluated on an individual basis for each officer involved.
Plaintiff must present specific facts indicating impropriety for each officer's data access to elevate her claims beyond mere speculation. The Court concludes that Plaintiff has not alleged facts showing that the Cities knowingly disclosed her private data for impermissible purposes, nor do her allegations allow for a reasonable inference of such purposes. Thus, general allegations lack the necessary specificity to demonstrate the Cities' improper intent in accessing her information.
Plaintiff asserts that her allegations are sufficient to establish a reasonable expectation of discovering evidence supporting a claim under the Driver's Privacy Protection Act (DPPA). She cites three key facts: a lack of criminal investigation or activity in the Cities' jurisdictions, her connections to law enforcement through marriage, and the timing of information access during late hours, arguing these suggest the accesses were not for legitimate law enforcement purposes. The Court refers to previous analyses regarding DPPA claims against other defendants, indicating that while Plaintiff claims a strong connection to law enforcement, no concrete evidence supports her notoriety beyond her past marriage to an officer. The Court emphasizes that reasonable inferences must not rely on speculation and finds a lack of connection between Plaintiff and law enforcement officers in the Cities, leading to the conclusion that her allegations do not sufficiently establish a DPPA claim. The Court contrasts Plaintiff's situation with that of another case where the plaintiff could not demonstrate a connection between herself and the defendant, stating that liability under the DPPA may only be inferred if there is a clear link between the officer and the plaintiff's private data access. Lastly, it highlights the presumption that public officials fulfill their duties properly, reinforcing the insufficiency of Plaintiff's claims.
The Court finds that the Plaintiff has not sufficiently stated a claim under the Driver's Privacy Protection Act (DPPA) against the Cities and their personnel, recommending that the motions for judgment on the pleadings from both Cities be granted concerning Count I. Under Section 1983, the Plaintiff claims that all Defendants violated her rights under the DPPA and her constitutional right to privacy as per the Fourth and Fourteenth Amendments. The Cities argue for judgment on these claims, asserting three main points: (1) the DPPA includes a comprehensive remedial framework that precludes relief under § 1983; (2) the Plaintiff lacks a constitutional privacy interest in the accessed information; and (3) she has not provided facts indicating that her injuries were caused by a deficient policy or training regarding St. Paul and Minneapolis police officers. The Plaintiff references constitutional arguments made in previous responses to other motions to dismiss. Section 1983 allows federal claims against state actors for violations of constitutional rights but does not create substantive rights itself. The Cities contend that since the DPPA has its own remedial scheme, enforcement through § 1983 is not permissible. As the Court previously noted, any § 1983 claims linked to DPPA violations must fail because the Plaintiff has not established a valid DPPA claim against the Cities, warranting dismissal of her § 1983 claims based on the lack of a statutory violation.
Plaintiff's claims under the Driver's Privacy Protection Act (DPPA) against the Cities are deemed unviable as the court finds that the DPPA's enforcement scheme excludes remedies under § 1983. Consequently, the recommendation is to dismiss these claims for failure to state a valid claim. Regarding constitutional privacy claims based on the Fourth and Fourteenth Amendments, the Cities assert that individuals do not possess a reasonable expectation of privacy in driver’s license information held by governmental entities. The Cities argue that the driver’s license information is owned by the Department of Public Safety (DPS), not the Plaintiff, negating any Fourth Amendment protections. The court agrees, citing prior rulings, and thus recommends dismissal of the privacy claims. Furthermore, the Cities contend that Plaintiff has not substantiated a Monell claim, as there are no facts indicating her injuries were caused by a deficient policy or inadequate training of police personnel. Since the Plaintiff's constitutional claims have been dismissed, the basis for Monell liability also fails. Overall, the court recommends dismissing all claims against the Cities.
Plaintiff's Monell claim against the City and County Defendants is subject to dismissal because no constitutional violation has been established; thus, all claims against individual defendants also fail, warranting dismissal of municipal liability claims. The Court recommends granting the Cities' motions regarding Counts II and III. Regarding the common-law intrusion-upon-seclusion privacy claim, the Cities argue that this claim relies on proving a violation of federal law or a constitutional right, which Plaintiff has not done. The intrusion-upon-seclusion tort requires intentional intrusion that is highly offensive and occurs in a context where there is a legitimate expectation of privacy. The Cities assert that Plaintiff cannot demonstrate the requisite "highly offensive" nature of the alleged intrusion, arguing that no reasonable person would find it offensive. However, Plaintiff argues that the number of accesses to her private information would be viewed as highly offensive by a reasonable person. Although the "highly offensive" nature is typically a question for a jury, courts must determine if a sufficient threshold of offensiveness exists for the claim to proceed.
Invasion of privacy claims require the court to assess the offensiveness of the alleged conduct to determine if a cause of action exists. The standard of a reasonable person is typically a factual question, but it can become a legal question if only one conclusion is evident from the evidence. To have a viable claim for intrusion upon seclusion, the plaintiff must demonstrate a significant level of offensiveness and a strong expectation of privacy. The court found that the plaintiff did not meet this threshold, as accessing private data through a database was not deemed highly offensive to a reasonable person. Furthermore, the plaintiff failed to establish that the alleged unauthorized accesses could be attributed to the two defendants. Each claim against the defendants is treated independently, and no concerted action was alleged. Consequently, the court recommends granting the motions for judgment on the pleadings filed by the Cities, rendering the alternative requests for summary judgment and severance moot. The court highlights that the standard for a motion to dismiss is similarly applicable to motions for judgment on the pleadings, requiring acceptance of the complaint's allegations as true and reasonable inferences in favor of the nonmoving party. The plaintiff later provided a list of ten accesses of her private data, with some accesses acknowledged by Minneapolis as not being time-barred. The complexity of the case is illustrated by the plaintiff's extensive focus on statutes of limitations in her opposition memoranda.
The Court determines it does not need to evaluate whether the Driver's Privacy Protection Act (DPPA) constitutes a statutory right to privacy, since even if it does, the DPPA’s enforcement mechanism prevents a remedy under Section 1983. The Court finds the absence of a reasonable expectation of privacy is decisive for the Plaintiff's constitutional claims regarding privacy and thus does not address if accessing her driver's license information qualifies as a search under the Fourth Amendment. No precedent exists indicating that accessing a driver's license database is a search or seizure under the Fourth Amendment, which requires a reasonable expectation of privacy. The Court references Monell v. Department of Social Services, noting that a municipality can be liable under Section 1983 if an official municipal policy leads to a constitutional violation, as established in Veatch v. Bartels Lutheran Home.
