THE CONVERSATION — Cars are no longer just a means of transportation. They have become rolling hubs of data communication. Modern vehicles regularly transmit information wirelessly to their manufacturers.

However, as cars grow “smarter,” the right to repair them is under siege.

As legal scholars, we find that the question of whether you and your local mechanic can tap into your car’s data to diagnose and repair spans issues of property rights, trade secrets, cybersecurity, data privacy and consumer rights. Policymakers are forced to navigate this complex legal landscape and ideally are aiming for a balanced approach that upholds the right to repair, while also ensuring the safety and privacy of consumers.

Understanding telematics and right to repair

Until recently, repairing a car involved connecting to its standard on-board diagnostics port to retrieve diagnostic data. The ability for independent repair shops — not just those authorized by the manufacturer — to access this information was protected by a state law in Massachusetts, approved by voters on Nov. 6, 2012, and by a nationwide memorandum of understanding between major car manufacturers and the repair industry signed on Jan. 15, 2014.

However, with the rise of telematics systems, which combine computing with telecommunications, these dynamics are shifting. Unlike the standardized onboard diagnostics ports, telematics systems vary across car manufacturers. These systems are often protected by digital locks, and circumventing these locks could be considered a violation of copyright law. The telematics systems also encrypt the diagnostic data before transmitting it to the manufacturer.

This reduces the accessibility of telematics information, potentially locking out independent repair shops and jeopardizing consumer choice — a lack of choice that can lead to increased costs for consumers.

Also, these telematics systems fall outside the scope of the original Massachusetts legislation and the nationwide memorandum of understanding. Recognizing the pivotal role diagnostic data plays in vehicle maintenance and repair, 75% of Massachusetts voters approved a ballot initiative on Nov. 3, 2020, to amend the state’s repair legislation. The amendment aims to ensure that the switch to telematics does not curtail an effective right to repair vehicles.

Specifically, the new law requires manufacturers selling telematics-equipped vehicles from the 2022 model year onward to provide car owners and their chosen repair shops access to the vehicle’s mechanical data through an interoperable, standardized and open-access telematics platform. Access should also encompass the ability to relay commands to components of the vehicle, if necessary, for maintenance, diagnostics and repair. Voters in Maine overwhelmingly approved a similar measure on Nov. 7, 2023.

However, the Massachusetts law was the subject of a lawsuit in federal court shortly after voters approved it in 2020, and it was suspended until June 1, 2023.

Safety and privacy concerns

While the amendment makes significant strides toward creating a level playing field in vehicle maintenance and repair, the National Highway Traffic Safety Administration and car manufacturers have raised concerns about the legislation.

The National Highway Traffic Safety Administration’s main concern revolves around cybersecurity vulnerabilities with potential ramifications for vehicle safety, particularly the amendment’s provision for two-way access. A hacker could potentially take control of a car’s critical systems like accelerator, brakes and steering. Consequently, the agency recommended that car manufacturers not adhere to the law.

A related argument is that Massachusetts law is preempted by federal law. This forms the basis of a lawsuit filed in November 2020 by the Alliance for Automotive Innovation against Massachusetts’ attorney general.

The manufacturers assert that abiding by the state law would inevitably put them in breach of federal statutes and regulations, such as the National Traffic and Motor Vehicle Safety Act. This lawsuit was pending as of press time, although the Massachusetts attorney general declared the law effective as of June 1, 2023.

Critics also emphasize the privacy concerns associated with open access to telematics systems. Granting third-party access could expose personal details, especially real-time location data. Advocacy groups warn that this information might be used as a tracking tool by potential abusers and others aiming to exploit people.

Recent developments

The National Highway Traffic Safety Administration and Massachusetts’ attorney general appear to have reached a consensus on alterations to the law, and the administration has dropped its recommendation that manufacturers disregard the law.

The primary adjustment would mean a telematics platform would be in compliance with the right to repair law if it were accessible within close proximity to the vehicle — for example, via Bluetooth. The National Highway Traffic Safety Administration confirmed that this would be safer and align with federal law.

However, repair advocates have criticized this change as unduly restrictive. They argue that it gives authorized car dealers an unfair advantage over independent repair shops because the manufacturers allow the dealers to access the data remotely.

A new federal bill, the REPAIR Act, was recently introduced in the House, seeking to require vehicle manufacturers to provide access to in-vehicle diagnostic data, including telematics. This bill’s first hearing occurred on Sept. 27, 2023, and the bill passed out of subcommittee on Nov. 2.

Who owns your car’s data?

One issue left unresolved by the legislation is the ownership of vehicle data. A vehicle generates all sorts of data as it operates, including location, diagnostic, driving behavior, and even usage patterns of in-car systems — for example, which apps you use and for how long.

In recent years, the question of data ownership has gained prominence. In 2015, Congress legislated that the data stored in event data recorders belongs to the vehicle owner. This was a significant step in acknowledging the vehicle owner’s right over specific datasets. However, the broader issue of data ownership in today’s connected cars remains unresolved.

Whether data should be subject to property rights is a matter of debate. If deemed property, it seems logical to award these rights to the vehicle owner because the vehicle creates the data while used by the owner. However, through contractual terms and digital locks, manufacturers effectively secure control over the data.

The question of ownership aside, the crux of the matter for right to repair is guaranteed access for vehicle owners to their vehicles’ data.

A way forward

While concerns surrounding the Massachusetts legislation have merit, we believe they should not overshadow the need to preserve a competitive space in the auto repair sector and preserve the right to repair. This matters not only for safeguarding consumers’ autonomy and ensuring competitive pricing, but also for minimizing environmental waste from prematurely discarded vehicles and parts.

The hope is that policymakers and the industry can strike a balance: upholding the right to repair without compromising safety and privacy. One possibility is developing tools that segregate sensitive personal information from mechanical data.

Ultimately, a successful implementation of the new law in Massachusetts may pave the way for a renewed nationwide memorandum of understanding, capturing the essence of the original memorandum of understanding and preserving the right to repair cars in the face of rapidly advancing technologies.