December 2, 2021

Volume XI, Number 336

Advertisement
Advertisement

December 01, 2021

Subscribe to Latest Legal News and Analysis

November 30, 2021

Subscribe to Latest Legal News and Analysis

November 29, 2021

Subscribe to Latest Legal News and Analysis

Automotive Data Company Loses Fight for an Injunction Against New Consumer Privacy Statute

Automotive data and software company CDK Global LLC (CDK) filed suit in 2019 against the Arizona Attorney General in the U.S. District Court for the District of Arizona seeking an injunction against a new law from taking effect.

The new law increased privacy protections for consumers whose data are collected by car dealers and prevents database providers (such as CDK) from limiting access to dealer data by dealer-authorized third parties. The law also requires providers to create a standardized framework to facilitate such access. This law is similar to the Massachusetts “right to repair” law that we wrote about last year.

The U.S. District Court denied CDK’s request for injunctive relief and this week the Ninth Circuit Court of Appeals affirmed that decision.

In its appeal, CDK argued that Arizona’s law was preempted by the Copyright Act, claiming that the law allows dealers the right to access CDK’s systems and create unlicensed copies of its dealer management system, application programming interfaces, and data compilations. However, the Ninth Circuit disagreed and said that it would be possible for CDK to comply with this law without having to create a new copy of its software for these third-party requests. The Court further reflected that, even if CDK had to create new copies, it had not established that such copies would infringe on its reproduction right.

CDK also argued that the law violates the U.S. Constitution’s contracts clause. However, again, the Ninth Circuit disagreed, holding that CDK did not show that the statute impairs its ability to perform its contracts. The Ninth Circuit also agreed with the district court’s finding that CDK could fulfill its data security obligations while still complying with the statute’s mandate. The Court held that there is “no basis to question the judgment of the Arizona Legislature that the statute promotes the common good through the advancement of consumer privacy and competition.”

Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 301
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Kathryn Rattigan Attorney Cybersecurity Data Privacy
Associate

Kathryn Rattigan is a member of the firm's Business Litigation Group and Data Privacy + Cybersecurity Team. She advises clients on data privacy and security, cybersecurity, and compliance with related state and federal laws. Kathryn also provides legal advice regarding the use of unmanned aerial systems (UAS, or drones) and Federal Aviation Administration (FAA) regulations. She represents clients across all industries, such as insurance, health care, education, energy, and construction.

Data Privacy and Cybersecurity Compliance

Kathryn helps clients comply...

401-709-3357
Advertisement
Advertisement
Advertisement