Ninth Circuit Rejects Offer to Preliminary Adherence to Arizona Dealer Data Security Act – Privacy

On Monday, October 25, the Ninth Circuit Court of Appeal issued its long-awaited decision decision in the case brought by the two major US providers of dealership management systems (“DMS”), CDK Global and Reynolds & Reynolds, to ban the application of amendments to the Arizona Dealer Act that would prohibit DMS providers to block third-party access to these platforms to extract dealer data. The Ninth Circuit upheld the district court order dismissing the DMS providers’ preliminary injunction petition, agreeing with the district court that the providers were unlikely to succeed on the merits of their constitutional and legal claims on copyright.

The Dealer Data Security Act, Arizona Rev. Stat. § 28-4651 et seq., enacted in March 2019, amended the Arizona Dealer Act to prohibit DMS vendors from “taking[ing] any action by contract, technical or other means to prohibit or limit a reseller’s ability to protect, store, copy, share or use “the data that the reseller has stored in their DMS. The law further prohibits DMS providers prevent third parties (who have been authorized by a reseller and meet industry data security standards) “from integrating into the reseller’s data system”, or otherwise “impose an unreasonable restriction on the ‘integration’ and requires DMS providers to ”[a]dopt and provide a standardized framework for exchanging, integrating and sharing data “with approved integrators. This framework must comply with industry data security standards and be implemented at the using an “open application programming interface[], “or” API “, unless an API is” not the reasonable business or technical standard for secure data integration “, in which case a DMS provider may instead” provide an on-access integration method free similar “.

In July 2019, shortly before the statutory changes took effect, CDK and Reynolds & Reynolds filed a lawsuit in federal court arguing that the law unlawfully interfered with their right to control, protect and manage their intellectual property, and in August 2019, they applied for a preliminary injunction prohibiting the state from applying the new measures. After the district court issued an order in May 2020 dismissing several of the claims, the DMS providers presented evidence in support of their remaining claims and their preliminary injunction motion at an evidentiary hearing held in June 2020. DMS vendors have argued that the Dealer’s Data Security Act: (1) is preempted by Copyright Act because it infringes their right to protect “copyrighted material”. ‘author’ such as the source code, screen layouts and graphic content, text, as well as the organization and display of information, and would result in unauthorized use and copying of their copyrighted intellectual property. copyright; (2) violates the contractual clause of the United States Constitution as it nullifies their “contractual right to control and charge an appropriate fee for access to” their systems, and compromises their “ability to comply with their contractual obligations in terms of data security ”; and (3) violates the Levies Clause because it allows third parties to “occupy” their material and take their copyrighted intellectual property.

On July 24, 2020, the district court dismissed the preliminary injunction petition, finding that the DMS providers had not demonstrated a likelihood of success on their remaining claims. The court ruled that the Dealer Data Security Act could be interpreted in a way that allows DMS providers to comply with the law without infringing their rights under copyright law. For example, DMS providers could set up an API to allow third parties to access dealer data without exposing the copyrighted source code of DMS providers or providing “direct access” to DMS platforms by some thirds. The court also concluded that the DMS providers had not demonstrated a substantial infringement of their contractual rights in violation of the contractual clause because the law does not require third parties to have “direct access” to the protected aspects of the systems. owners of DMS vendors, but instead requires vendors to provide a “standardized framework” for “the exchange, integration and sharing of data from dealer data systems with authorized integrators”, and DMS providers have no ownership rights over the underlying information in their databases. referred to as “dealer-protected data” – to which the law provides access. Finally, while questioning whether the “occupation” of an “intangible interest” such as a DMS could even constitute a physical “take”, the court considered that the claim of the clause of taking possession was unlikely to be successful. ‘succeed because the law did not require “direct access” to DMS systems. by third parties and DMS providers had not demonstrated that the law deprived them of any economically beneficial use of their property (as required by a regulatory ‘take’) given that only a small percentage of providers’ revenue stream of DMS and total profits came from efforts to charge third-party integrators for access to their DMS platforms.

The DMS providers appealed the district court’s denial of a preliminary injunction to the United States Court of Appeals for the Ninth Circuit. In its Monday ruling, the Ninth Circuit broadly endorsed the district court’s reasoning and conclusions and also found that DMS providers were unlikely to be successful on the merits of their claims. Regarding the request for pre-emption under copyright law, the court determined that there was no pre-emption of conflict because the federal and state laws are not irreconcilable and the DMS providers had failed to provide the necessary evidence for a “face challenge” to the law –that is to say, that any possible application of the dealer data security law would conflict with copyright law. The contract clause and direct debit claims were also unlikely to be successful, the court said, as DMS vendors failed to demonstrate that dealer data security law impeded their ability to perform. their contractual obligation to keep dealer data confidential and, in any event, the law has been reasonably compelled to serve important public objectives of promoting consumer data privacy and competition, and the law has not no effect either in itselfphysical withdrawal or constitute a regulatory withdrawal.

The Ninth Circuit decision echoes many of the same difficulties that automakers and their trade associations have faced in constitutional challenges to the statutes of state dealers. As legislatures continue to pass changes to these laws that increasingly interfere with the property rights and contractual rights of third parties, and which appear to be designed to protect dealers from competition and innovation rather than to actually benefit the consumer, it remains to be seen if and where limits will be drawn on the power of states to regulate in favor of dealers.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.