Litigation and a lack of federal regulations have raised questions about who regulates access to vehicles’ personal and mechanical data.
By Jessie Zeigler and Jeremy A. Gunn
Emerging automotive technology has created novel questions about who should regulate access to personal and mechanical data in vehicles. Automakers in particular have found it difficult to determine whether the National Traffic and Motor Vehicle Safety Act of 1966 (the Safety Act) conflicts with state laws and regulations that govern emerging technology. The lack of a federal regulatory scheme governing emerging technology in vehicles has led to litigation as automakers are forced to determine whether to comply with or challenge the enforcement of certain state laws.
This issue came to a head in Alliance for Automotive Innovation v. Andrea Joy Campbell, 1:20-cv-12090, (D. Mass.), in which an automotive trade group that represents automakers (Automotive Innovation) sued Massachusetts’ attorney general, challenging the state’s “right to repair” law (the Data Access Law), which gave vehicle owners the ability to have repairs performed by independent or non-dealer maintenance shops. First passed in 2012, the Data Access Law was later strengthened in 2020 to require automakers to allow open remote access to a vehicle’s telematics system and mechanical data, including steering, acceleration, braking, air bags and electronic stability control (see the report from the U.S. Government Accountability Office, “Vehicle Repair: Information on Evolving Vehicle Technologies and Consumer Choice”). After the law’s enactment in 2012, automakers and independent repair shop owners entered into a nonbinding memorandum of understanding in 2014 in which automakers committed to providing independent repair shops and owners with equal access to necessary information, data and tools provided to dealerships. The 2020 amendment proved to be a step too far for automakers, thus leading to the lawsuit.
While the Campbell court held a bench trial in 2021, it has not issued an opinion yet and has continued to consider additional evidence. However, despite the ongoing litigation, the Massachusetts attorney general notified the court that her office would begin enforcing the law on June 1, 2023. Two weeks after enforcement began, the National Highway Traffic Safety Administration (NHTSA) notified automakers that the Data Access Law conflicted with the Safety Act and was thus preempted by the Safety Act. NHTSA voiced concerns that a “malicious actor” could use open access to a vehicle’s telematics system to remotely control the vehicle and manipulate its safety features, which could lead to vehicle crashes, injuries or deaths. NHTSA also stated its position that vehicles equipped with an open access telemetric system would be a safety defect and therefore subject to recall under the Safety Act.
In response to the NHTSA’s letter to automakers, Massachusetts Senators Elizabeth Warren and Edward J. Markey urged the NHTSA and the Department of Transportation to reverse course. Senators Warren and Markey questioned the NHTSA’s timing given that the NHTSA had over two years to raise the preemption argument during the litigation and several months since the Massachusetts attorney general announced her plans to go forward with enforcement. The letter also indicated that the NHTSA’s position conflicted with President Biden’s Executive Order on Promoting Competition in the American Economy, which outlines the administration’s policy “to combat . . . the harmful effects of monopoly and monopsony . . . [in] repair markets” and encourages the FTC to draft new regulations limiting manufacturers from restricting people’s ability to use independent repair shops or do DIY repairs.
A few months later, NHTSA reversed its position after conferring with the Massachusetts attorney general’s office, explaining that it supports automotive right-to-repair laws and noting that automakers could concurrently comply with the Data Access Law and the Safety Act. NHTSA proposed that automakers could allow access to a vehicle’s telematics system through short-range wireless connections, such as Bluetooth, which would allow independent repair facilities the ability to access mechanical data while preventing hackers from accessing vehicles’ data.
In response to NHTSA’s new letter, Automotive Innovation noted that it was not invited to participate in any discussions between the attorney general’s office and NHTSA and criticized NHTSA’s decision, saying the solutions NHTSA proposed for compliance with both the Data Access Law and the Safety Act failed to discuss the technical feasibility or safety of the proposal. Automotive Innovation asserted that NHTSA’s prior preemption determinations are still valid and there is “no industry-wide means to comply with the entirety of the Data Access Law that would not also conflict with [automakers’] Safety Act obligations” (see response from Automotive Innovation, 1:20-cv-12090, Dkt. 353 (D. Mass.)). Automotive Innovation concluded that it agrees with the attorney general’s office that compliance with the open access platform is not immediately available, but it would work with NHTSA and the attorney general’s office on a potential compliance methodology that would not be preempted by federal law.
Alliance for Automotive Innovation v. Campbell, still pending, reflects a growing struggle between automakers, states and the federal government on how to regulate emerging technology in vehicles, especially when the laws intersect with data privacy, antitrust, safety and intellectual property issues. While only six states have enacted right to repair laws, 30 other state legislatures are currently considering right to repair legislation (see Right to Repair, PIRG (2024), https://pirg.org/campaigns/right-to-repair). Until there is new federal guidance on emerging technology in vehicles, automakers should stay abreast of rapidly changing state laws and voluntary guidance issued by NHTSA.
About the Authors:
Jeremy A. Gunn is an attorney with Bass, Berry & Sims PLC in its Nashville, Tennessee, office. He focuses his practice on complex commercial disputes involving products liability, consumer and antitrust class actions, contracts and unfair competition.
Jessie Zeigler is a member at Bass, Berry & Sims PLC, where she chairs the Products Liability & Torts Practice Group and works closely with clients facing claims related to crisis management, products liability, environmental, health and safety, or general business litigation. Jessie has successfully defended class action claims, multidistrict litigation, and single-action claims for various types of product and mass tort cases across the country.
Tune in to hear from Chris Brown, Vice President of Sales at CADDi, a leading manufacturing solutions provider. We delve into Chris’ role of expanding the reach of CADDi Drawer which uses advanced AI to centralize and analyze essential production data to help manufacturers improve efficiency and quality.