998 F. Supp. 2d 813
D. Minnesota2014Background
- Plaintiff Brooke Nicole Bass sued multiple Minnesota counties, cities, the DPS Commissioners, and unknown law enforcement/DPS personnel, alleging improper access to her DVS motor-vehicle record hundreds of times between 2005 and 2012.
- Her DVS record contained personal data (address, photo, DOB, weight, height, eye color, driver ID). An audit requested in 2013 revealed the access history.
- Claims asserted: violations of the Driver’s Privacy Protection Act (DPPA), 42 U.S.C. § 1983 (constitutional and statutory bases), and state-law intrusion upon seclusion.
- Defendants moved to dismiss / for judgment on the pleadings; Hennepin County moved to sever. The court granted dismissal and denied severance as moot.
- Court applied the federal four-year statute of limitations to DPPA claims and a two-year rule for intrusion; many alleged accesses predated those limitation periods and were time-barred.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether DPPA claims are time-barred | Bass urged tolling/discovery rule; alleged concealment | Defendants argued general accrual rule (wrong occurs when record accessed) | Court adopted general accrual rule; DPPA claims before 4/12/2009 dismissed |
| Whether DPS Commissioners liable under DPPA for maintaining DVS | Commissioners’ design/monitoring enabled misuse, so liable | Commissioners lacked personal, impermissible purpose or direct disclosure | Dismissed: DPPA requires the actor to have an impermissible purpose; mere maintenance/negligence insufficient |
| Whether City/County accesses sufficiently plead impermissible purpose under DPPA | Frequency of access implies impermissible purpose; alleged none of accesses fell within permitted exceptions | Defendants: bare allegations insufficient under Twombly/Iqbal; presumption public officers acted properly | Dismissed: plaintiff failed to plead non-permitted purpose with required factual specificity |
| Whether § 1983 can enforce DPPA or sustain constitutional claims | § 1983 can enforce statutory rights and constitutional privacy/search rights were violated | Defendants: DPPA provides exclusive private remedy; Bass lacks constitutional privacy/search claims or standing | Dismissed: § 1983 cannot be used to enforce DPPA; Fourth Amendment claims fail (no reasonable expectation of privacy; no standing for DVS access); municipal liability falls with individual claims |
| Whether state-law intrusion upon seclusion was stated | Bass: access to personal DVS data is an offensive intrusion | Defendants: data not highly offensive/intimate; many claims time-barred | Dismissed: information not sufficiently intimate to be "highly offensive"; pre-4/12/2011 access time-barred |
| Whether joinder/severance appropriate under Rule 20 | Bass joined many jurisdictions claiming similar harms | Hennepin: transactions not the same; joinder improper | Severance denied as moot because claims dismissed on merits and procedural joinder failed (claims not reasonably related) |
Key Cases Cited
- Ashcroft v. Iqbal, 556 U.S. 662 (2009) (pleading must state plausible claim; labels/conclusions insufficient)
- Bell Atl. Corp. v. Twombly, 550 U.S. 544 (2007) (plausibility pleading standard)
- Smith v. Maryland, 442 U.S. 735 (1979) (no privacy expectation in information voluntarily given to third parties)
- Monell v. Dep’t of Soc. Servs., 436 U.S. 658 (1978) (municipal liability requires unconstitutional policy or custom)
- Maracich v. Spears, 570 U.S. 48 (2013) (interpreting DPPA scope and allocations of liability)
- United States v. Miller, 425 U.S. 435 (1976) (Fourth Amendment protection limited when information is conveyed to third parties)