This is an opinion of the Commissioner of Administration issued pursuant to section 13.072 of Minnesota Statutes, Chapter 13 - the Minnesota Government Data Practices Act. It is based on the facts and information available to the Commissioner as described below.
Notes: In 2013 the Legislature enacted Minnesota Statutes, section 13.356 which classifies as private certain personal contact and online account information.
The conclusion in this opinion has been superseded in part by the Minnesota Supreme Court, see Helmberger v. Johnson Controls, Inc., 839 N.W.2d 527 (Minn. 2013).
Facts and Procedural History:
Pursuant to Minnesota Statutes, Chapter 13, what is the classification of the data when they are not collected, created, received, maintained, or disseminated by the City of Buffalo, but are collected and maintained by GovDelivery, a privately owned and operated software service company, for the purpose of transferring important city alerts and notifications to registrants on behalf of the City?
Pursuant to Minnesota Statutes, Chapter 13, government data are public unless otherwise classified. (Minnesota Statutes, section 13.03, subdivision 1.)
In her opinion request, Ms. Mogen discusses that the City contracts with GovDelivery, a non-governmental entity. The Commissioner has not seen the contract. Ms. Mogen’s description of the contractual relationship is that GovDelivery monitors the City’s website and sends out email updates and alerts to individual subscribers. To provide this service on behalf of the City, GovDelivery collects and maintains certain subscriber information, including email addresses and cellular telephone numbers.
Frequently, government entities (subject to Chapter 13) contract with non-government organizations (not subject to Chapter 13) to perform functions on their behalf. Chapter 13 discusses these contractual relationships in several provisions, the most recent and comprehensive of which is in Minnesota Statutes, section 13.05, subdivision 11. This provision went into effect on August 1, 1999. It states, in part:
If a government entity enters into a contract with a private person to perform any of its functions, the government entity shall include in the contract terms that make it clear that all of the data created, collected, received, stored, used, maintained, or disseminated by the private person in performing those functions is subject to the requirements of this chapter and that the private person must comply with those requirements as if it were a government entity.
Here, pursuant to its contract with the City, GovDelivery, on behalf of the City, collects certain data from people. The data, then, are government data, subject to the requirements of Chapter 13.
The City argues the data could be classified as not public under Minnesota Statutes, section 13.15. The Commissioner disagrees and does not think section 13.15 applies. Section 13.15 classifies electronic access data as not public. Electronic access data are defined as, “data created, collected, or maintained about a person’s access to a government entity’s computer for the purpose of: (1) gaining access to data or information; (2) transferring data or information; or (3) using government services.” [Emphasis added.] The Commissioner’s understanding is that this section classifies the following types of data about a person accessing a government computer: the IP (internet protocol) address of the person’s computer, cookie information related to the person’s internet browsing, geographic information of the person’s computer, duration of time at the government website, person’s activity on the government’s website, and so on.
In the situation Ms. Mogen presented, the data in question are not data about the individuals’ access to a computer. Rather, they are data related to the data subjects wanting a service from the City.
In addition, the data classified by section 13.15 are typically not provided by the data subject. They are data unintentionally provided by the data subject during that person’s access to a government computer. In the situation before the Commissioner, the data subjects intentionally provided their email addresses and/or cellular phone numbers to GovDelivery, as it acted on behalf of the City.
The Commissioner’s conclusion is further buttressed by Advisory Opinion 01-093:
Here, the District is producing an electronic newsletter. The District has collected the data in question because the subjects of the data wish to receive a copy of the newsletter. There is no provision in Chapter 13 or another statute that classifies these data as anything other than public. Therefore, the names, e-mail addresses, and telephone numbers of the subscribers are public.
Here, the City (via GovDelivery) collected the subscriber information because the subjects of the data wish to receive notice of updates to and alerts from the City’s website. There is no provision in Chapter 13 or another statute that classifies these data as anything other than public.
If the data collected and maintained by GovDelivery are classified as government data, are they protected by the Data Practices Act, more specifically, Minnesota Statutes, section 13.15?
See Issue 1.
Based on the facts and information provided, my opinion on the issues that Ms. Mogen raised is as follows:
Dana B. Badgerow
Dated: August 26, 2008