Legal Update
Aug 4, 2020
DMS Providers Fare No Better Than Automakers in Constitutional Challenge to Arizona Dealer Statute
An Arizona federal court recently rebuffed efforts by the two leading US providers of dealership management systems (“DMS”), CDK Global and Reynolds & Reynolds, to enjoin the enforcement of amendments to the Arizona dealer statute that would prohibit DMS providers from blocking third party access to those platforms to extract dealer data. On July 24, 2020, the court in CDK Global LLC v. Brnovich entered an order denying a motion for preliminary injunction by the DMS providers, finding that they had failed to show a likelihood of success on their constitutional challenge to the amendments.
The Dealer Data Security Law, Ariz. Rev. Stat. § 28-4651 et seq., enacted in March 2019, amended the Arizona dealer statute to make it a criminal offense for DMS providers to prevent a third party who has been authorized by a dealer and who satisfies industry data security standards “from integrating into the dealer’s dealer data system or placing an unreasonable restriction on” third party access to a dealer’s DMS system. Because dealers use DMS platforms to manage confidential consumer and proprietary data, process transactions, and handle confidential data communications, DMS providers employ technological measures to safeguard their systems from unauthorized access or breach.
In July 2019, shortly before the statutory amendments were scheduled to take effect, CDK and Reynolds & Reynolds filed suit, arguing that the law illegally interfered with their right to control, protect, and manage their intellectual property, and in August 2019, they moved for a preliminary injunction barring the state from enforcing the new measures. After the court issued an order in May 2020 dismissing a number of claims, the DMS providers offered evidence in support of their remaining claims and their preliminary injunction motion at an evidentiary hearing held in June 2020. First, the DMS providers argued that the Dealer Data Security Law is preempted by the Copyright Act because it infringes on their right to protect “copyrightable elements” such as source code, screen layouts and graphical content, text, and the organization and display of information, and would result in unauthorized use and copying of their copyrighted intellectual property. Second, they contended that the law violates the Contracts Clause of the US Constitution because it nullifies their “contractual right to control, and charge proper fees for, access to” their systems, and impairs their “ability to comply with their contractual data-security obligations.” Finally, they argued that the law violates the Takings Clause because it enables third parties to “occupy” their hardware and take their copyrighted intellectual property.
On July 24, 2020, the district court issued an order denying the DMS providers preliminary injunction motion because the DMS providers had failed to show a likelihood of success on any of their three claims. First, the court found that the Dealer Data Security Law could be interpreted in a way that would allow CDK and Reynolds & Reynolds to comply with the law without interfering with their rights under the Copyright Act. For example, the DMS providers could set up an application programming interface (API) to allow third parties access to dealer data without exposing the DMS providers’ copyrighted source code or providing “direct access” to DMS platforms by third parties.
Second, the court found that the DMS providers had failed to show a substantial impairment to their contract rights in violation of the Contracts Clause because the law does not require that third parties have “direct access” to protected aspects of plaintiffs’ proprietary systems, but instead requires the DMS providers to make available a “standardized framework” for the “exchange, integration and sharing of data from dealer data systems with authorized integrators.” The court explained that the DMS providers have no ownership interest in the underlying information in their databases—so-called “dealer protected data”—to which the statute grants access. The court further determined that, even if the law did “substantially impair” the DMS providers’ contractual rights, it was “drawn in an appropriate and reasonable way to advance a significant and legitimate public purpose”—to “allow a dealer to grant third-party access to [data] that can be considered the dealer’s protected data,” and “prevent the DMS provider from monopolizing data that is not its own to its great financial advantage.”
Finally, questioning whether the “occupation” of an “intangible interest” like a DMS could even constitute a physical “taking,” the court found the Takings Clause claim unlikely to succeed because the law did not require “direct access” to DMS systems by third parties. The court also determined that the DMS providers had failed to show that the law deprived them of all economically beneficial use of their property (as required for a regulatory “taking”) because only a small percentage of the DMS providers’ income stream and total profits came from efforts to charge third-party integrators for access to their DMS platforms. The court explained that the law therefore presented only “minimal” economic impact to the DMS providers. The DMS providers have appealed the decision to the US Circuit Court of Appeals for the Ninth Circuit and have sought a stay of enforcement of the statute while the appeal is pending.
For automakers, the difficulty encountered by the DMS providers in establishing that the dealer statute violates the Contracts and Takings Clauses of the US Constitution will be familiar, as car manufacturers and their trade associations have tried for years to find some outer limit to the power of states to regulate in favor of car dealers. So far, it appears DMS providers are having no greater success locating that outer limit.