BLOG POST

Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

In November 2020, Massachusetts voters approved Question One, a ballot initiative amending the Commonwealth’s 2012 Right to Repair Law. The amendment provides that motor vehicles sold in Massachusetts “with model year 2022” will be required “to equip any such vehicles that use telematics systems – systems that collect and wirelessly transmit mechanical data to a remote server – with a standardized open access data platform. Owners of motor vehicles with telematics systems would get access to mechanical data through a mobile device application.”

With authorization of the owner, such telematics data will be available to independent repair facilities and dealerships not otherwise affiliated with the manufacturer of the vehicle, who will “send commands to, the vehicle for repair, maintenance, and diagnostic testing.” Prior to the passage of the initiative, manufacturers had the ability to develop and implement proprietary vehicle diagnostic and reprogramming devices, which they would make available to independent repair facilities “upon fair and reasonable terms.” Now, however, on-board diagnostic systems will become standardized and a contractual relationship between the manufacturer and the independent repair facility will no longer be required.

Proponents of the initiative argued on the ballot that the proposal would provide greater consumer control over telematic data while maintaining one’s ability to choose where their vehicle is repaired “even as cars become more computerized.” Proponents further argued it would protect independent repair facilities from the need to obtain approval from a vehicle manufacturer prior to accessing such telematic data via an open access data platform. Conversely, opponents of the initiative argued that the amendment would create cybersecurity and safety concerns, and that consumers’ vehicle information and location data could be accessed remotely in real time by third-party bad actors. Also, in a letter to the Massachusetts Legislature, the National Highway Traffic Safety Administration expressed concerns, stating the initiative was vague in its description of creating a secure platform, and that certain cybersecurity issues could arise from the initiative, such as “the possibility of a software vulnerability potentially being used by malicious actors to cause a crash or incident.” Despite these concerns, however, the law passed with almost 75% approval.

Now that the initiative has passed, the actual development of the open access data platform begins, and some proponents have already called for the Massachusetts Legislature to be involved in overseeing the creation thereof to ensure that consumers’ telematic data is protected from malicious actors. Once the platform is available though, it is unclear how the general public will be notified and provided access, as such topics have yet to be clearly addressed. Additionally, the question of whether it is actually possible for manufacturers to properly outfit their “model year 2022” to meet the requirements set forth in the initiative is legitimate considering it is already 2021 and the 2022 models for some vehicles will likely be released before year’s end. As one can see, although the passage of Question 1 is a step forward for consumer data access and control, like other data initiatives before it, there are many questions left to be answered.