Dye v. Meta Platforms, Inc.
Filing
32
ORDER granting 15 Motion to Dismiss for Failure to State a Claim. Signed by District Judge Terrence W. Boyle on 5/10/2024. (Stouch, L.)
<![CDATA[
IN THE UNITED STATES DISTRICT COURT
FOR THE EASTERN DISTRICT OF NORTH CAROLINA
WESTERN DIVISION
No. 5:23-CV-509-BO-BM
DAWN DYE, on behalf of herself and all
others similarly situated,
)
)
)
Plaintiff,
)
)
V.
META PLATFORMS, INC. ,
Defendant.
)
)
)
)
)
ORDER
This cause comes before the Court on defendant's motion to dismiss plaintifrs complaint.
Plaintiff has responded, defendant has replied, and a hearing on the matter was held before the
undersigned on March 21 , 2024, at Raleigh, North Carolina. In this posture, the motion is ripe for
ruling. For the reasons that follow , the motion to dismiss is granted.
BACKGROUND
Plaintiff initiated this action by filing a complaint on behalf of h~rself and all others
similarly situated on September 15, 2023. [DE 1]. Plaintiff alleges that defendant has violated the
Drivers' Privacy Protection Act (DPPA), 18 U .S.C. §§ 2721 , et seq. by surreptitiously tracking the
activities of North Carolinians who use the North Carolina Department of Motor Vehicles (OMV)
online payment portal (myNCDMV) to obtain disability placard renewals, new car registrations,
identification card renewals, and engage in other activities. Plaintiff alleges that when users visit
Facebook.com, defendant installs a tracking code, the Meta Tracking Pixel (Pixel), onto their
browsers which tracks many of the websites that they visit, including myNCDMV. Plaintiff
specifically alleges that the Pixel "is a piece of code that advertisers can integrate into their website.
Once activated, the [] Pixel tracks the people and type of actions they take. When the [] Pixel
captures an action, it sends a record to Facebook. Once this record is received, Meta processes it,
analyzes it, and assimilates it into datasets .. .. " Comp!. 1 17.
The OMV hosts the Pixel to allow defendant to track what visitors to the myNCOMV site
do. This tracking permits defendant to deliver targeted advertisements to its users. Plaintiff alleges
that the myNCOMV website transmits three events to defendant via the Pixel: " Page View,"
"Microdata," and "Button Click." Comp!.
1 20.
Plaintiff's complaint alleges these events are
present on nearly all of the myNCOMV webpages and "covey a trove of information about a
driver' s personal business with the OMV" including "highly restricted personal information" .
Comp!.
11 25-36.
Plaintiff alleges that when a web user is navigating the myNCOMV website
while logged into Facebook, "the myNCOMV website compels a visitor' s browser to transmit an
identifying ' computer cookie' to Meta, called ' c_ user,' for every single event sent through the []
Pixel." Comp!. 1 27. Plaintiff alleges that the c_ user cookie constitutes personally identifiable
information because it contains the web user' s unencrypted Facebook ID, which anyone may use
to identify a particular Facebook user through their Facebook page. Comp!. 128.
Plaintiff also brings allegations regarding the Pixel ' s fr cookie, which contains an
encrypted Facebook ID and browser identifier, and the usida cookie which defendant uses to target
advertisements. Comp!.
11 30-35.
Plaintiff alleges that " [b]y compelling a visitor' s browser to
disclose the c_user and fr cookies alongside event data, the myNCOMV website knowingly
discloses personal information and highly restricted personal information to Meta. By partnering
with the myNCOMV website to host the [] Pixel , Meta also knowingly obtains this same personal
information and highly restricted personal information." Compl. 138. Plaintiff further alleges that
2
defendant is collecting a drivers ' Facebook ID from the myNCDMV website by collecting c_user
and fr cookies as first-party cookies. Comp!. 139.
Plaintiff s specific experience is described in the complaint as follows. Plaintiff used the
myNCDMV website to conduct private busi ness with the DMV in August 2023. When doing so,
plaintiff accessed the myNCDMV website usi ng the same browser she uses to access her Facebook
account. Plaintiff alleges that when she was navigating through the myNCDMV website,
defendant obtained and used her personal information to help in its advertising efforts. Comp!.
11
43-47.
Defendant has moved to dismiss plaintiffs complaint for failure to state a claim upon
which relief can be granted. Fed. R. Civ. P. 12(b)(6). Defendant argues that plaintiff has failed to
allege that defendant received any information from a motor vehicle record; that she failed to allege
that defendant obtained any data for an improper purpose; and that she has failed to allege that
defendant knowingly obtained or used protected information for an improper purpose.
DISCUSSION
A Rule 12(b)(6) motion tests the legal sufficiency of the complaint. Papasan v. Allain, 4 78
U.S. 265,283 (1986). A complaint must allege enough facts to state a claim for relief that is facially
plausible. Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 570 (2007). In other words, the facts
alleged must allow a court, drawing on judicial experience and common sense, to infer more than
the mere possibility of misconduct. Nemet Chevrolet, Ltd. v. Consumeraffairs.com, Inc., 591 F.3d
250, 256 (4th Cir. 2009). The court " need not accept the plaintiffs legal conclusions drawn from
the facts, nor need it accept as true unwarranted inferences, unreasonable conclusions, or
arguments." Philips v. Pitt County Mem. Hosp. , 572 F.3d 176, 180 (4th Cir. 2009) (internal
alteration and citation omitted).
3
A. TheDPPA
To obtain a driver' s license or register a vehicle, state DMVs, as a general rule,
require an individual to disclose detailed personal information, including name,
home address, telephone number, Social Security number, and medical
information. See Reno v. Condon, 528 U.S. 141 , 143, 120 S.Ct. 666, 145 L.Ed.2d
587 (2000). The enactment of the DPPA responded to at least two concerns over
the personal information contained in state motor vehicle records. The first was a
growing threat from stalkers and criminals who could acquire personal information
from state DMVs. The second concern related to the States ' common practice of
selling personal information to businesses engaged in direct marketing and
solicitation. To address these concerns, the DPPA "establishes a regulatory scheme
that restricts the States' ability to disclose a driver' s personal information without
the driver' s consent." Id., at 144, 120 S.Ct. 666.
Maracich v. Spears, 570 U.S. 48, 57 (2013). To that end, the DPPA provides that "A person who
knowingly obtains, discloses or uses personal information, from a motor vehicle record, for a
purpose not permitted under this chapter shall be liable to the individual to whom the information
pertains, who may bring a civil action in a United States district court." 18 U.S.C . § 2724(a). Thus,
to state a claim for violation of the DPPA, a plaintiff must ultimately prove that the defendant (I)
"knowingly obtained his personal information (2) from a motor vehicle record (3) for a
nonpermissible use." Andrews v. Sirius XM Radio Inc., 932 F.3d 1253 , 1259 (9th Cir. 2019).
B. Plaintiffs complaint
Plaintiff alleges that Facebook ID numbers are personal information under the DPPA and
that webpages on the myNCDMV on line payment portal are a type of motor vehicle record under
the DPPA. Plaintiff alleges that, in violation of the DPPA, defendant obtained highly restricted
personal information from a motor vehicle record and that it knowingly used this personal
information to deliver targeted advertisements, without the express consent of plaintiff or the
putative class members having been granted to either defendant or the OMV. Comp!.
4
,r,r 57-63 .
Personal information is defined by the DPPA as " information that identifies an individual ,
including an individual 's photograph, social security number, driver identification number, name,
address (but not the 5-digit zip code), telephone number, and medical or disability information ..
.. " 18 U.S.C. § 2725(3). The Court assumes, without deciding, that plaintiff has plausibly alleged
that a Facebook lD is personal information under the DPPA. See Keogh v. Meta Platforms, Inc.,
680 F. Supp. 3d 601,609 (D.S.C. 2023).
Plaintiff has failed , however, to plausibly allege that the cookies defendant allegedly
received containing her Facebook ID were obtained from a motor vehicle record. A "motor vehicle
record" is defined by the DPPA as "any record that pertains to a motor vehicle operator' s permit,
motor vehicle title, motor vehicle registration, or identification card issued by a department of
motor vehicles". 18 U .S.C. § 2725(1 ). The term "record" is defined by the Privacy Act of 1974,
which the DPPA is intended to reflect, as " information about an individual that is maintained by
an agency." 5 U.S .C. § 552a(a)(4);Andrews, 932 F.3d at 1260.
The myNCDMV website is a public-facing website accessible by anyone using the internet.
A user of the myNCDMV website can access information about vehicle registration renewal,
license and ID cards, and disability placard renewal, as well as paying administrative hearing fees
and submitting a voter registration application. See www.payments.ncdot.gov (last visited May 6,
2024). The complaint fails to allege any information about an individual that is maintained on the
myNCDMV website by the OMV such that the website itself could be considered a " record" for
purposes of the DPPA.
Nor is the myNCDMV website a "motor vehicle record." A court recently considering a
substantially similar case brought against defendant arising from a user's interaction with the South
Carolina Department of Motor Vehicles (SCDMV) website concluded that "even if the SCDMV
5
website was a ' record,' it is not a ' motor vehicle' record under the statutory definition, which is
limited to records pertaining to ' a motor vehicle operator' s permit, motor vehicle title, motor
vehicle registration, or identification card."' Keogh, 680 F. Supp. 3d at 610 (quoting 18 U.S.C. §
2725(1)). There, as here, plaintiffs argued that almost every webpage on SCDMV has a
"connection with driving." Id. ; [DE 17 p. 5] . But the South Carolina court rejected that argument,
noting both that the SCDMV website had information unrelated to driving and that, in any event,
the argument did not help the plaintiff because whether a record or information is "connected" to
driving does not satisfy the DPPA ' s definition of a "motor vehicle record" - the statute narrowly
defines a motor vehicle record as only records which pertain to the "four specific types of records"
identified. Keogh, 680 F. Supp. 3d at 610.
The same is true for plaintiff here. The myNCDMV website contains information related
to voting registration, which plainly does not pertain to a "motor vehicle operator's permit, motor
vehicle title, motor vehicle registration, or identification card." 18 U.S .C. § 2725(1 ). And, as
defendant has argued, it would stretch the DPPA too far for there to be a violation of the statute
anytime a Facebook user accesses myNCDMV to register to vote. Moreover, "disclosure of the
fact that a person simply visited a website page where motor vehicle records might or might not
be accessed does not violate the DPPA [because] the DPPA does not create a right to privacy with
respect to every interaction that a citizen may have with the DMV website." Keogh, 680 F. Supp.
3d at 610. Additionally, even assuming that the myNCDMV website uses the information it
collects to create other records about motor vehicle regi strations or disabil ity placards, that does
not cause the myNCDMV website itself to be a motor vehicle record as that term is defined by the
DPPA.
6
Finally, even if it is determined that the myNCOMV website is a motor vehicle record,
plaintiff has not plausibly alleged that the information defendant obtained comes from a motor
vehicle record. The complaint alleges that the c_ user and fr cookies at issue are placed on
plaintiffs and other users ' web browsers. Compl.
,r,r 27; 38, 45 , 59. Specifically, plaintiff alleges
that "the myNCOMV website compels a visitor' s browser to transmit an identifying ' computer
cookie' to Meta [which] contains that visitor' s unencrypted Facebook ID." Compl.
,r 27. In other
words, the information contained in the cookie comes, not from the myNCOMV website or any
OMV database, but from the webpage visitor' s browser. But the " OPPA imposes civil liability
only on a defendant who obtains personal information.from a motor vehicle record, but not on a
defendant who merely obtains personal information that can be linked back to (i.e., derived from)
such a record. " Garey v. James S. Farrin, P. C., 35 F.4th 917,927 (4th Cir. 2022). Plaintiff has not
plausibly alleged that the personal information transmitted via cookie from her own web browser
is information.from a motor vehicle record . See also Andrews, 932 F.3d at 1260 ("where, as here,
the initial source of personal information is a record in the possession of an individual , rather than
a state OMV, then use or disclosure of that information does not violate the OPPA.").
In opposition to the motion to dismiss, plaintiff relies heavily on the holding in Gershzon
v. Meta Platforms, Inc. , No. 23-CV-00083-Sl , 2023 WL 5420234 (N.O. Cal. Aug. 22, 2023).
There, however, unlike here, plaintiff alleged that he had opened an on line OMV account and that
in doing so provided his full name, email address, and telephone number. Id. at *3. He further
specifically alleged that he visited the website twice per year, at least in part to apply for a disability
placard. Additionally, " Gershzon alleges that Meta obtained his personal information from the
OMV website and that the OMV maintained thi s information after Gershzon provided it to the
OMV through his "MyOMV" online account." Gershzon, 2023 WL 5420234, at *8. Plaintiff
7
makes no similar allegations in her complaint. She alleges only that in August 2023 she visited the
myNCDMV website to conduct private business, that she also has a Facebook account, and that
defendant obtained and used her personal information. Comp!. ,r,r 43-46. Gershzon is therefore
factually distinguishable, and plaintiff's allegations are insufficient to state a claim.
In sum, plaintiff has failed to plausibly allege that defendant knowingly obtained any
personal information from a motor vehicle record. This Court is persuaded by the holding in
Keogh, which is premised on similar facts, and determines that plaintiff's complaint is
appropriately dismissed. 1
CONCLUSION
Accordingly, for the foregoing reasons, defendant's motion to dismiss [DE 15] is
GRANTED. Plaintiff's complaint is hereby DlSMISSED. The clerk is DIRECTED to close this
case.
SO ORDERED, this
/b day of May 2024.
:z:~P~
UNITED STA TES DISTRICT JUDGE
'Because the Court determines that plaintiff has failed to allege the existence of a motor vehicle
record, the Court need not address defendant's remaining arguments.
8
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
