August 5, 2020
The Honorable Steve Gordon, Director
Department of Motor Vehicles
State of California
2415 First Avenue, Mail Station F101
Sacramento, California 95818-2606
Dear Director Gordon,
When Californians visit the Department of Motor Vehicles (DMV) to apply for a driver’s
license, they’re asked to have their photo taken and to provide personal information including
their home address, Social Security number, date of birth, and phone number. They provide this
sensitive information trusting that the government will not mishandle it, and it is imperative that
the DMV lives up to this expectation by protecting the data.
The Federal Bureau of Investigation (FBI), Immigration and Customs Enforcement (ICE), and
other federal agencies use facial recognition technology (FRT) that searches, among other things,
databases of driver’s license photos from many state DMVs. A full list of states has not been
made public, and we do not know if the California DMV has provided drivers’ photos to federal
agencies. 1
House2 and Senate3 committees, public interest groups,4 academics,5 and others have raised
concerns about the privacy issues associated with unregulated FRT uses. One of the most salient
concerns about FRT is that it is far less accurate in identifying people of color. A recent study by
the National Institute of Standards and Technology (NIST) found that Asian and African
Americans were misidentified between 10 and 100 times more often than white people.6 As our
nation experiences a long-overdue reckoning on racial injustice, we must ensure that biased
technology does not exacerbate existing inequities in our criminal justice system. We raise these
issues with you because state DMVs often provide photos for use in FRT used by law
enforcement agencies.
Additionally, we’re troubled by press reports about the California DMV’s disclosure of vast
quantities of data which could enable invasive biometric policing and be a symptom of a deeper
privacy malady. The California DMV receives more than $50 million annually from selling the
personal information of Californians, according to press reports. 7 The individuals whose data are
being sold are reportedly not informed of this practice or given the opportunity to opt-out. What
information is being sold, to whom it is sold, and what guardrails are associated with the sale
remain unclear.
California is not unique in selling drivers’ data or transferring it to federal agencies. While there
may be beneficial reasons to share DMV data, such as driving safety research and vehicle recalls,
the bulk disclosure of large quantities of data with little oversight is troubling. The fact that more
than one million undocumented immigrants in California have been issued driver’s licenses since
2015, only heightens our concerns about the potential for abuse of California DMV data.8
1

 While DMV matters are largely in the purview of state government, federal law also plays an
important role in protecting drivers’ privacy. In 1994 Congress passed the Driver’s Privacy
Protection Act (DPPA) which has prevented the most egregious abuses of drivers’ personal
information, but we recognize dated privacy laws may need revisions. We’re requesting further
information about how the California DMV handles personal information of drivers to inform
our efforts to enhance privacy protections.
In order to better understand the California DMV’s practice of selling drivers’ data, we request
that you provide answers to the following questions. If contractual or other legal limitations
prohibit your sharing of this information, please indicate that as appropriate.
1. What types of organizations has the DMV disclosed drivers’ data to in the past three
years? In particular, has the DMV sold or otherwise disclosed data to debt collection
agencies, private investigators, data brokers, or law enforcement agencies?
2. Has the DMV ever disclosed drivers’ photos to federal, state, or local law enforcement
agencies or given such agencies access to a database of drivers’ photos?
3. What specific fields of personal information have been sold or disclosed to third parties
by the DMV in the past three years?
a. Have Social Security numbers or driver’s license photos ever been disclosed?
b. If yes, to which organizations?
4. Has the DMV ever disclosed driver’s license data of undocumented immigrants to law
enforcement agencies (including but not limited to FBI and ICE)?
5. If a Californian contacts the DMV to request that their data not be disclosed, would the
DMV honor their request?
a. Has the DMV received any such requests?
b. If so, how many?
6. Do provisions of federal law, state law, or the DMV’s contractual agreements limit what
an entity that receives data from the DMV can do with the data, such as prohibiting
further disclosure of data?
7. Please provide a copy of any written privacy policies, procedures, or processes that
govern DMV activities.
8. A California DMV spokesman claimed that the agency audits data buyers to ensure that
they comply with data protection requirements.9
2

 a. What proportion of buyers are audited each year?
b. What do audits entail?
c. Has the California DMV ever revoked access to data from a commercial entity
because of information uncovered during an audit?
In today’s ever-increasing digital world, our private information is too often stolen, abused, used
for profit, or grossly mishandled. It’s critical that the custodians of the personal information of
Americans – from corporations to government agencies – be held to high standards of data
protection in order to restore the right of privacy in our country.
We thank you in advance for your cooperation, and we look forward to receiving your timely
responses to our questions.
Sincerely,

______________________
Anna G. Eshoo
Member of Congress

______________________
Ted Lieu
Member of Congress

______________________
Barbara Lee
Member of Congress

______________________
Mike Thompson
Member of Congress

______________________
Grace F. Napolitano
Member of Congress

______________________
Tony Cárdenas
Member of Congress

______________________
Judy Chu
Member of Congress

______________________
Jerry McNerney
Member of Congress

______________________
J. Luis Correa
Member of Congress

______________________
Kevin Mullin
California Assemblymember

______________________
Mark Stone
California Assemblymember

cc:

The Honorable Nancy Pelosi, Speaker of the House
The Honorable David S. Kim, Secretary of the California State Transportation Agency

3

 Rudolph, Harrison. “ICE Searches of State Driver’s License Databases.” Medium. Georgetown Law Center on
Privacy & Technology, July 9, 2019. https://medium.com/center-on-privacy-technology/ice-searches-of-statedrivers-license-databases-4891a97d3e19.
1

Hearing on “Facial Recognition Technology (Part II): Ensuring Transparency in Government Use” (Committee on
Oversight and Reform of the U.S. House of Representatives, June 4, 2019).
https://oversight.house.gov/legislation/hearings/facial-recognition-technology-part-ii-ensuring-transparency-ingovernment-use.
2

Hearing on “What Facial Recognition Technology Means for Privacy and Civil Liberties” (Subcommittee on
Privacy, Technology and the Law of the Committee on the Judiciary of the U.S. Senate, July 18, 2012).
https://www.judiciary.senate.gov/meetings/what-facial-recognition-technology-means-for-privacy-and-civilliberties.
3

Collins, Terry. “Facial Recognition: Do You Really Control How Your Face Is Being Used?” USA TODAY,
November 19, 2019. https://www.usatoday.com/story/tech/2019/11/19/police-technology-and-surveillance-politicsof-facial-recognition/4203720002/ (“American Civil Liberties Union su[ed] the FBI, the Department of Justice and
the Drug Enforcement Agency for those federal agencies' records to see if there is any secret surveillance in use
nationwide”).
4

Clare Garvie, Alvaro Bedoya, and Jonathan Frankle. “The Perpetual Line-Up.” Center on Privacy & Technology at
Georgetown Law, October 18, 2016. https://www.perpetuallineup.org/.
5

“Face Recognition Vendor Test (FRVT) Part 3: Demographic Effects” (National Institute of Standards and
Technology, December 2019). https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8280.pdf.
6

Cox, Joseph. “The California DMV Is Making $50M a Year Selling Drivers’ Personal Information.” Vice,
November 25, 2019. https://www.vice.com/en_us/article/evjekz/the-california-dmv-is-making-dollar50m-a-yearselling-drivers-personal-information.
7

Benjy Egel. “More than a Million Undocumented Immigrants Have Received California Driver’s Licenses   The
Sacramento Bee.” Sacramento Bee, April 4, 2018. https://www.sacbee.com/news/politics-government/capitolalert/article207939584.html.
8

9

Cox, Joseph. “The California DMV Is Making $50M a Year Selling Drivers’ Personal Information.”

4