Massachusetts Voters Approve Vehicle Data Access Initiative

Akin Gump Strauss Hauer & Feld LLP

Akin Gump Strauss Hauer & Feld LLP

Voters in Massachusetts overwhelmingly approved a ballot initiative that gives independent mechanics greater access to vehicle data, a move that vehicle manufacturers have foreshadowed could have significant cyber and privacy risk for automobiles and their drivers.  Specifically, the measure allows independent mechanics (those not affiliated with a manufacturer) access to telematics data, which wirelessly collect and transmit mechanical data relating to a car’s performance and maintenance. The initiative, available here, updates and expands a “right-to-repair” law that was signed into law in 2013, giving independent repair shops universal access to vehicle diagnostic data via the physical onboard diagnostics port. Although opponents of the initiative argued that it would do nothing to improve the consumer experience, proponents contended that the amendment was necessary because the 2013 law specifically excluded access to most telematics, which allegedly put independent repair shops at a disadvantage. The initiative is seen as a win for independent repair shops; however, it comes with possible cybersecurity concerns surrounding the usage and storage of personal data. The approved initiative requires manufacturers to equip vehicles with an “open data” platform that will allow motor vehicle owners and independent repair facilities access to onboard diagnostic systems via a mobile app, starting with year 2022 models, which are already currently in production.  Just as the enactment of the original right-to-repair law spurred automakers to adopt a nationwide standard for access to diagnostics ports, it is likely that the passage of this initiative will have a nationwide effect.

A major point of contention with the approved ballot initiative is the definition of “mechanical data,” which is defined as “any vehicle-specific data, including telematics system data, generated, stored in or transmitted by a motor vehicle used for or otherwise related to the diagnosis, repair or maintenance of the vehicle.” While this definition is helpful for car manufacturers, opponents of the initiative have pointed out that different car manufacturers define telematics data in different ways, and that a more granular definition of what data should be included in telematics data is absent from the initiative.

Another concern is the protection of the data that is shared, and ensuring that car manufacturers have enough time to create data platforms with security measures that comply with current data privacy and cybersecurity laws. Since model year 2022 cars are currently being designed and built, opponents have signaled that requiring auto manufacturers to create a secure platform on an accelerated timeline could lead to data security vulnerabilities. The language in the initiative, as currently written, does not specify what protections should be incorporated into the law. However, this warning has come from the largest and most vocal cadre of opponents—a coalition of automakers—who similarly opposed the enactment of the 2013 law.  Since the data platforms used to transmit the data will need to be designed by the auto manufacturers, right now it is up to each manufacturer to decide the level of protections incorporated into their platform. 

Our cybersecurity team is available to assist clients in interpreting how this new initiative may affect their business and their compliance efforts. We will continue to update this space with analysis of the progress of this initiative.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Akin Gump Strauss Hauer & Feld LLP | Attorney Advertising

Written by:

Akin Gump Strauss Hauer & Feld LLP

Akin Gump Strauss Hauer & Feld LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.