Dealer Management Systems Providers Allowed to Proceed With Challenge To Arizona Dealer Data Security Law

On Wednesday, May 20, 2020, an Arizona federal district court judge issued a long-awaited order on motions to dismiss a complaint filed by CDK Global LLC (CDK) and Reynolds & Reynolds Company (Reynolds) challenging amendments to the Arizona state dealer statute, A.R.S. §§ 28-4651 et seq., intended to regulate access to Dealer Management System (DMS) platforms provided to car dealers by those two companies. The court’s order denying in part and granting in part motions to dismiss filed by Arizona state officials and the Arizona Automobile Dealers Association sets up a high stakes two-day evidentiary hearing at which CDK and Reynolds will be allowed to offer evidence that the amendments to the dealer statute were not drawn in a reasonable way to advance a legitimate public purpose, but rather, were special interest laws intended only to benefit dealers at the expense of the statutory, property, and contract rights of DMS providers.

Background. DMS providers develop and operate proprietary computer systems to process data from various sources, and they go to great lengths to protect their data from unauthorized access, including the use of secure login credentials, CAPTCHA prompts, and extensive cybersecurity measures. DMS providers enter into agreements with car dealers, allowing dealers to access, manage, and maintain confidential consumer data and proprietary data through a DMS. The agreements typically provide that dealers are prohibited from granting access to the DMS platform by third parties without express authorization from the DMS provider.

In March 2019, the Arizona legislature enacted the Dealer Data Security Law, A.R.S. §§ 28-4651 et seq., which, among other things, amended the Arizona dealer statute to make it a criminal offense for DMS providers to deny third parties access to a dealer’s licensed DMS, on the grounds that the third party failed to obtain the DMS provider’s authorization. In July 2019, shortly before these provisions were due to go into effect, CDK and Reynolds, the two leading DMS providers in the United States, challenged these amendments to the dealer statute, arguing that the amendments were preempted by the Copyright Act, Computer Fraud and Abuse Act (CFAA), Digital Millennium Copyright Act (DMCA), Defend Trade Secrets Act (DTSA), and Gramm-Leach-Bliley Act (GLBA), and also violated the Takings Clause, Contracts Clause, Due Process Clause, Commerce Clause, and First Amendment of the US Constitution.

At its core, the complaint filed by the DMS providers argued that the amendments unlawfully interfere with the property and contract rights of DMS providers to control, protect, and manage the manner in which their own systems, proprietary data, and intellectual property are accessed by dealers and third parties. In August 2019, the DMS providers sought a preliminary injunction barring Arizona officials from enforcing these provisions, and in September 2019, Arizona state officials and the Arizona Automobile Dealers Association moved to dismiss the complaint filed by the DMS providers. The parties agreed that Arizona officials would take no action to enforce the amendments while the motion for preliminary injunction was pending.

The Court Upholds Key Portions of the Complaint. On May 20, 2020, the court held that the DMS providers had adequately pled claims that the Dealer Data Security Law was preempted by the Copyright Act and violated the Takings Clause and Contracts Clause of the US Constitution. The court also dismissed a claim that the amendments violated the First Amendment with leave for the DMS providers to amend their complaint. The court subsequently ordered the parties to appear for a two day evidentiary hearing to be held between June 2-3 on the motion by the DMS providers for a preliminary injunction based on their remaining claims.

Of particular interest to auto manufacturers, the court ruled that the DMS providers had successfully stated a claim for violation of the Takings Clause, finding that a statutory provision forcing the DMS providers to give third parties access to the DMS platforms could constitute an unlawful interference with the plaintiffs’ property rights. The court also determined that a provision of the statute providing that the existing contracts between the DMS providers and their dealer customers are terminable on 90 days’ notice could serve as a substantial impairment to the plaintiffs’ contract rights in violation of the Contracts Clause. The court also concluded that the DMS providers should be permitted to develop a record so that the court could assess whether the amendments were “drawn in an ‘appropriate’ and ‘reasonable’ way to advance ‘a significant and legitimate public purpose.’”

In recent years, state dealer trade associations have proposed and legislatures have enacted amendments to state dealer statutes that increasingly interfere with the property and contract rights of manufacturers. Manufacturers have had little, if any, success in challenging these statutes; in January 2016, the Federal Trade Commission held a workshop to investigate whether consumers actually benefit from dealer statutes that appear to be designed to shield dealers from innovation, rather than protect competition for the benefit of consumers. Depending on the outcome of this case in Arizona, the efforts by the DMS providers to challenge changes to the Arizona dealer statute intended to benefit the special interests of dealers may represent a significant development for manufacturers seeking to vindicate their property and contract rights in a variety of contexts, from warranty reimbursement to right to repair.