You can screech about "not a right" all you want but there's federal law (DDPA) that limits how easily states can reveal driver's PII. Usually a documented business purpose (i.e sending spam mail) is required.

This Michigan thing sounds like it walks right up to the line if not over it.

https://www.law.cornell.edu/uscode/text/18/2721