Reno v. Condon

What the DPPA does in one sentence

The federal Driver's Privacy Protection Act bars state DMVs and anyone downstream of them from selling, sharing, or disclosing driver record information without consent, with exceptions for specific permissible uses. Congress passed it in 1994 after the Rebecca Schaeffer murder, where the killer hired a private investigator who pulled her home address from California DMV records.

See the full law page for what it covers and how to invoke it.

What this case is

In the late 1990s, South Carolina sold driver records to commercial bulk-data buyers. The DPPA told them to stop. South Carolina sued, arguing that the federal government does not have constitutional authority to tell a state DMV what it can do with its own records. They lost at the district court, won at the Fourth Circuit, and the federal government took it to the Supreme Court.

In January 2000, the Supreme Court unanimously reversed the Fourth Circuit and upheld the DPPA. Chief Justice Rehnquist wrote the opinion. The vote was 9-0.

What the court actually held

South Carolina's theory was structural. They argued that the DPPA "commandeers" state officials to enforce a federal regulatory program, which the Tenth Amendment forbids under the line of cases that includes New York v. United States and Printz v. United States.

The court rejected the framing. The DPPA does not order state legislators to legislate or order state law enforcement officers to enforce federal law. It regulates the conduct of state DMVs as participants in the commercial market for personal information. The driver record is, the court held, "an article of commerce" because it is sold and resold across state lines for profit. That puts it inside Congress's Commerce Clause authority.

Because the DPPA regulates state activity that itself is commercial, the court did not have to reach the harder question of whether the law would apply to private resellers if the state had not been involved at all. It does, but that issue was argued in later cases.

Why this matters to first responders

Most cops and firefighters do not realize that their home address ended up on a broker site partly because their state DMV sold the underlying record to a commercial data aggregator at some point in the last twenty years. The chain runs: DMV record → bulk reseller → people-search site → public listing.

The DPPA breaks that chain. The reason it is enforceable against the broker, not just the state, is that this case established Congress had authority to write the statute in the first place. Every modern DPPA suit, including the ones that produced Atlas-style enforcement against brokers, depends on Reno v. Condon being settled law.

If South Carolina had won, the federal floor disappears. State-by-state DMV protections would be all you had, and only fourteen states have meaningful protections.

What it actually changed

After 2000, the DPPA became enforceable against state DMVs that kept selling records, and downstream against commercial buyers and resellers. The Supreme Court did not reach the question of whether private resellers were also bound, but Maracich v. Spears, 570 U.S. 48 (2013), later confirmed they are.

The DPPA gives covered drivers a private right of action with $2,500 in liquidated damages per violation plus attorney's fees. That right of action is what cops and firefighters in the 36 states without a Daniel's Law analog use when a broker has their address sourced from DMV records. The remedy is narrower than Daniel's Law, but the federal floor reaches every state.

Where it doesn't reach

The DPPA covers DMV records. It does not cover:

• Public records from other sources (voter rolls, court records, property assessor data)
• Information you posted yourself on social media
• Records collected before the DPPA's enactment in 1994

If your address showed up on a broker site because it scraped a county property record or your old LinkedIn page, this case and the DPPA are not the right tool. See Daniel's Law for state-level coverage and the federal Lieu Act for federal judges.

Downstream impact

The reasoning in Reno v. Condon has been cited in every major data-broker case where the question is whether Congress (or a state legislature) can reach commercial information traffic without violating federalism. It is the spine of the federal privacy statutes. The Court's framing of personal information as an article of commerce gave Congress a broad runway that is still being used.

Where the case is thin

The opinion is short. The court declined to reach the harder questions about private resellers, content-based speech challenges, and as-applied carve-outs. Those came later. What this case did was clear the runway. Every subsequent privacy statute, including Daniel's Law, the Lieu Act, and the state-level analogs, was passed knowing that Reno v. Condon had already answered the structural question of whether the federal government and the states could regulate this market at all.

What we do here

When a broker has your address sourced from a DMV record and refuses to remove it, the DPPA is the federal lever. We file the notice, document the response, and escalate to a private action where the statute supports it. The reason we can do that, instead of arguing constitutional first principles every time, is this case.