Automotive data and software company CDK Global LLC (CDK) filed suit in 2019 against the Arizona Attorney General in the U.S. District Court for the District of Arizona seeking an injunction against a new law from taking effect.

The new law increased privacy protections for consumers whose data are collected by car dealers and prevents database providers (such as CDK) from limiting access to dealer data by dealer-authorized third parties. The law also requires providers to create a standardized framework to facilitate such access. This law is similar to the Massachusetts “right to repair” law that we wrote about last year.

The U.S. District Court denied CDK’s request for injunctive relief and this week the Ninth Circuit Court of Appeals affirmed that decision.

In its appeal, CDK argued that Arizona’s law was preempted by the Copyright Act, claiming that the law allows dealers the right to access CDK’s systems and create unlicensed copies of its dealer management system, application programming interfaces, and data compilations. However, the Ninth Circuit disagreed and said that it would be possible for CDK to comply with this law without having to create a new copy of its software for these third-party requests. The Court further reflected that, even if CDK had to create new copies, it had not established that such copies would infringe on its reproduction right.

CDK also argued that the law violates the U.S. Constitution’s contracts clause. However, again, the Ninth Circuit disagreed, holding that CDK did not show that the statute impairs its ability to perform its contracts. The Ninth Circuit also agreed with the district court’s finding that CDK could fulfill its data security obligations while still complying with the statute’s mandate. The Court held that there is “no basis to question the judgment of the Arizona Legislature that the statute promotes the common good through the advancement of consumer privacy and competition.”