A follow-up report to the discovery that DMVs sell drivers’ personal data to buyers has recently found that California’s DMV, one of the more lucrative sellers, has terminated multiple buyer accounts because they abused the bought data.
Over a year ago, Vice released a report showing how the California DMV was making over $50M selling their drivers’ personal data to companies and countless other buyers such as employers, data brokers, insurance companies, and even private investigators. (Check out our op-ed in response covering the dilemma of the government making money off its citizens’ data)
Further reports have shown that California isn’t alone — the Arizona DMV, on the other hand, even goes as far as selling drivers’ photos and social security numbers.
This is a pretty big problem because no permission or consent is obtained and there’s no way to opt out of your data being sold. If the DMV gets your data (which is near-unavoidable), it can sell your data. The DMV also doesn’t provide you with information on whether your specific data was sold and who it was sold to, so there’s no telling whether someone with bad intentions is seeking out your information.
Unfortunately, this isn’t a hypothetical scenario as the DMV has cancelled accounts for abuse in the past. This is done via a buyer audit, which happens based on risk factor evaluations, related investigations, or if there are complaints against the buyer. The California DMV has performed 101 audits since 2017 and is expected to hit 60 this year.
Residents are only told about a potential issue if misuse has been discovered as a result of an audit or if a someone has requested information about a data request.
Unfortunately, there’s not much to do if you want to keep your data away from the DMV—it’s just not practical. You can make a request to the DMV to see if they have information on who has requested your data or purchased your data, but DMVs will have different policies so it’s unknown whether you’ll receive the information you want.
You can also pressure your local representative — as California representative Anna G. Eshoo mentions, DMVs selling driver data is only made possible because of the Driver’s Privacy Protection Act, which was enacted in 1994 and requires a major update. Pushing representatives to update this law for current privacy needs and/or seeing if more local politicians can place limits or at least add transparency to the process can help you take back some of your privacy rights.
To learn more about this issue, check out the Vice article here.