Legal Update

Oct 27, 2021

Ninth Circuit Denies Bid To Preliminarily Enjoin Arizona’s Dealer Data Security Law

Seyfarth's Future of Automotive Series
Click for PDF

On Monday, October 25, the Ninth Circuit Court of Appeals issued its long-awaited decision in the case brought by the two leading US providers of dealership management systems (“DMS”), CDK Global and Reynolds & Reynolds, to enjoin the enforcement of amendments to the Arizona dealer statute that would prohibit DMS providers from blocking third party access to those platforms to extract dealer data. The Ninth Circuit affirmed the district court’s order denying the DMS providers’ motion for preliminary injunction, agreeing with the district court that the providers were unlikely to succeed on the merits of their constitutional and Copyright Act claims.

The Dealer Data Security Law, Ariz. Rev. Stat. § 28-4651 et seq., enacted in March 2019, amended the Arizona dealer statute to prohibit DMS providers from “tak[ing] any action by contract, technical means or otherwise to prohibit or limit a dealer’s ability to protect, store, copy, share or use” data the dealer has stored in its DMS. The law further prohibits DMS providers from preventing third parties (who have been authorized by a dealer and who satisfy industry data security standards) “from integrating into the dealer’s data system,” or otherwise “placing an unreasonable restriction on integration,” and requires DMS providers to “[a]dopt and make available a standardized framework for the exchange, integration and sharing of data” with authorized integrators. This framework must comply with industry data security standards and be implemented using an “open application programming interface[],” or “API,” unless an API is “not the reasonable commercial or technical standard for secure data integration,” in which case a DMS provider may instead “provide a similar open access integration method.”

In July 2019, shortly before the statutory amendments were scheduled to take effect, CDK and Reynolds & Reynolds filed suit in federal court, arguing that the law illegally interfered with their right to control, protect, and manage their intellectual property, and in August 2019, they moved for a preliminary injunction barring the state from enforcing the new measures. After the district court issued an order in May 2020 dismissing several of the claims, the DMS providers offered evidence in support of their remaining claims and their preliminary injunction motion at an evidentiary hearing held in June 2020. The DMS providers argued that the Dealer Data Security Law: (1) is preempted by the Copyright Act because it infringes on their right to protect “copyrightable elements” such as source code, screen layouts and graphical content, text, and the organization and display of information, and would result in unauthorized use and copying of their copyrighted intellectual property; (2) violates the Contracts Clause of the US Constitution because it nullifies their “contractual right to control, and charge proper fees for, access to” their systems, and impairs their “ability to comply with their contractual data-security obligations”; and (3) violates the Takings Clause because it enables third parties to “occupy” their hardware and take their copyrighted intellectual property.

On July 24, 2020, the district court denied the motion for preliminary injunction, having concluded that the DMS providers failed to show a likelihood of success on their remaining claims. The court found that the Dealer Data Security Law could be interpreted in a way that would allow the DMS providers to comply with the law without interfering with their rights under the Copyright Act. For example, the DMS providers could set up an API to allow third parties access to dealer data without exposing the DMS providers’ copyrighted source code or providing “direct access” to DMS platforms by third parties. The court also found that the DMS providers had failed to show a substantial impairment to their contract rights in violation of the Contracts Clause because the law does not require that third parties have “direct access” to protected aspects of the DMS providers’ proprietary systems, but instead requires the providers to make available a “standardized framework” for the “exchange, integration and sharing of data from dealer data systems with authorized integrators,” and the DMS providers have no ownership interest in the underlying information in their databases—so-called “dealer protected data”—to which the statute grants access. Finally, while questioning whether the “occupation” of an “intangible interest” like a DMS could even constitute a physical “taking,” the court found the Takings Clause claim unlikely to succeed because the law did not require “direct access” to DMS systems by third parties and the DMS providers had failed to show that the law deprived them of all economically beneficial use of their property (as required for a regulatory “taking”) since only a small percentage of the DMS providers’ income stream and total profits came from efforts to charge third-party integrators for access to their DMS platforms.

The DMS providers appealed the district court’s denial of a preliminary injunction to the U.S. Court of Appeals for the Ninth Circuit. In its decision on Monday, the Ninth Circuit largely agreed with the district court’s reasoning and findings and similarly held that the DMS providers were unlikely to succeed on the merits of their claims. As to the Copyright Act preemption claim, the court determined that there is no conflict preemption because the state and federal laws are not irreconcilable and the DMS providers had not made the necessary showing for a “facial challenge” to the statute––i.e., that every possible application of the Dealer Data Security Law would conflict with the Copyright Act. The Contracts Clause and Takings claims also were unlikely to succeed, according to the court, because the DMS providers did not demonstrate that the Dealer Data Security Law impaired their ability to discharge their contractual duty to keep dealer data confidential, and in any event the law was reasonably drawn to serve important public purposes of promoting consumer data privacy and competition, nor did the law effect a per se physical taking or constitute a regulatory taking.

The Ninth Circuit’s decision echoes many of the same difficulties automakers and their trade associations have faced in constitutional challenges to state dealer statutes. As legislatures continue to enact amendments to those statutes that increasingly interfere with third-party property and contract rights, and that appear to be designed to shield dealers from competition and innovation rather than actually benefitting the consumer, it remains to be seen whether and where meaningful limits will be drawn on the power of states to regulate in favor of dealers.

   

 

 

Related Trends