The Driver’s Privacy Protection Act (DPPA) may not draw as much regular attention as statutes like the VPPA, CCPA, or TCPA, but it remains a source of privacy litigation risk where motor vehicle record information is involved. The DPPA is a federal law that limits how personal information from state motor vehicle records may be obtained, disclosed, or used, and it allows individuals to sue over alleged misuse of that information.

In Cicale v. Professional Parking Management Corporation, No. 24-61146-CIV-SINGHAL (S.D. Fla. May 1, 2026), the plaintiff alleged in 2024 that a parking management company used license plate reader technology in private lots, matched plate numbers to Department of Motor Vehicles (DMV) records and then mailed parking charge notices to vehicle owners without first obtaining written consent. He claimed the notices were designed to resemble official citations, demanded $90 plus a $4.99 surcharge, and warned that nonpayment could lead to collections, booting, or towing. The complaint sought to represent a nationwide DPPA class and also asserted Florida consumer protection claims.

In an order entered on May 1, 2026, the District Court in the Southern District of Florida did not decide whether the company’s alleged access to DMV records violated the DPPA. Instead, the court held that the plaintiff had not alleged the kind of concrete injury needed to proceed in federal court. The order found that broad assertions of distress, annoyance, and privacy harm were too conclusory, and it rejected the plaintiff’s attempt to compare access to DMV records with a traditional invasion-of-privacy claim under Florida law. The court also rejected the claimed financial injury, reasoning that the plaintiff parked, left without paying, and then paid a bill he owed. The court dismissed the complaint and closed the case.

The decision underscores that, in DPPA litigation, a plaintiff must show real harm, not just alleged misuse of motor vehicle data. For businesses that use vehicle or location-related data in billing, enforcement, or operations, that means the fight may center as much on injury as on the underlying data practice. For now, this claim is parked.

Photo of Roma Patel Roma Patel

Roma Patel focuses her practice on a broad range of data privacy and cybersecurity matters. She handles comprehensive responses to cybersecurity incidents, including business email compromises, network intrusions, inadvertent disclosures and ransomware attacks. In response to privacy and cybersecurity incidents, Roma guides clients…

Roma Patel focuses her practice on a broad range of data privacy and cybersecurity matters. She handles comprehensive responses to cybersecurity incidents, including business email compromises, network intrusions, inadvertent disclosures and ransomware attacks. In response to privacy and cybersecurity incidents, Roma guides clients through initial response, forensic investigation, and regulatory obligations in a manner that balances legal risks and business or organizational needs. Read her full rc.com bio here.

Read more about Roma Patel
Show more Show less