Right-to-repair Act

Right To Repair Act: Vehicle Data Access Enables Industry Growth

For decades, manufacturers across industries, including automobile, mobile, computer, gaming and more, have championed a “walled garden” approach where they tightly manage the product lifespan and all the services associated with it. The increased creation, garnering, and usage of data has provided all types of manufacturers, and auto manufacturers in particular, an opportunity to deliver more value deeper into the customer journey in and around the car.

The advent of the right-to-repair regulations, which are gaining momentum in the US and EU, serve consumer interests and aftermarket player growth, have led to opening new paths for manufacturers to deliver value from data to their customer community.

In the U.S, the consumers right-to-repair their products has been a prime driver to opening the aftermarket. In contrast, the impetus for the right-to-repair movement in the EU was reducing environmental impact and waste, as well as to spur growth among independent repair facilities. Just as their origins are varied, so have been the tactical approaches of each government. Some aspects are being addressed at the federal and European level, while much legal exploration and experimentation is taking place at the state and national level.

Right to Repair Movement United States (Massachusetts) European Union
Impetus Consumer Rights Reduction of Environmental Impact and Waste Spur Growth of Independent Repair Workshops
Law or Regulation Enacted 2012 – Right to Repair Initiative 2020 – Right to Repair Law 2020 – European Union’s Regulation (EU) 2018/858


Massachusetts: Right-To-Repair Law

In 2012, Massachusetts voters passed a right-to-repair initiative that requires car manufacturers to sell diagnostic software to third-party repair shops. This software was exclusively available to their dealerships, giving them an advantage over independent auto-repair shops. The 2012 right-to-repair law allows owners and independent repair shops to access car diagnostic data via an OBDII port, from 2018 models and onward. By 2014, the industry agreed (in a memorandum of understanding) to extend the coverage to the entire country.

This right-to-repair law, however, exempted wireless data. As connected cars and wireless telematics systems became increasingly available, the need to update the law became evident. In 2020, Massachusetts voters broadened the right-to-repair to include wireless telematics data. Starting from 2022 models, automakers will be required to sell vehicles with extended access to mechanical data that is related to vehicle maintenance and repair, as well as equip these vehicles “with a standardized open access data platform.” With vehicle owner authorization, independent repair facilities will be able to retrieve mechanical data, run diagnostics and send commands to the vehicle through a mobile-based application.

Cybersecurity and Privacy Concerns

Manufacturers have raised significant cybersecurity and consumer privacy concerns in response to the requirement for real-time, bi-directional access. The industry lobbying group Alliance for Automotive Innovation has argued that it will create security and safety risks but noted that that the organization will seek ways to lessen potential risks. Critics of the ballot measure, which include the Coalition for Safe and Secure Data, have also argued that it is far too expansive. The National Highway Traffic Safety Administration (NHTSA) expressed concerns that the initiative “would prohibit manufacturers from “complying with both existing Federal guidance and cybersecurity hygiene best practices”.  NHTSA is also concerned about the increased safety-related cybersecurity risks of the requirement for remote, real-time, bi-directional (i.e., read/write capability) access to safety-critical vehicular systems.

Furthermore, the Massachusetts ballot suggested that access to the telematics systems “… shall not require any authorization by the manufacturer, directly or indirectly…” “…unless the authorization system for access to vehicle networks and their on-board diagnostic systems is standardized across all makes and models sold in the Commonwealth and is administered by an entity unaffiliated with a manufacturer.

While this initiative is currently restricted to Massachusetts, 2014 MOU precedent may indicate future expansion to the rest of the country.

European Union: Right-To-Repair Regulation

In order to promote fair competition between independent workshops and authorized dealers, the European Union’s Regulation (EU) 2018/858 requires OEMs to share connected car data with third parties by September 1, 2020. This includes a provision for technical information captured by onboard devices (OBDs) and other vehicle components to be provided to independent vehicle repair shops ensuring equal access to car diagnostic and maintenance data. This regulation fosters the concept of the extended vehicle, which now encompasses the physical vehicle as well as  the data it generates.

Consequently OEMs must “ensure that vehicle OBD information, vehicle repair and maintenance information is accessible, pending vehicle owner consent,  through websites using a standardized format in a readily accessible and prompt manner, and in a manner which is non-discriminatory compared to the provisions given or access granted to authorized dealers and repairers.” This includes straightforward access to vehicle systems, components, diagnosis information (such as minimum and maximum theoretical values for measurements) and diagnostic trouble codes, including manufacturer specific codes.

Data Accessibility vs. Data Privacy

Third-party access to vehicle data is not only a discussion about data accessibility and competition. It raises a number of data privacy questions that bring to light contrasting perspectives. As vehicle data regularly includes Personally Identifiable Information (PII), to what extent is the data access permissible under data protection law? Data minimization and privacy-by-default may play a central role in the development of a viable data protection concept for extended vehicles.

OEMs Need A Secure and Compliant Shortcut for Sharing Data

As more and more vehicles on the market are equipped with connected car technologies, mobility data becomes the fuel for many new services in the automotive and mobility sector. Given the multi-year automotive product development cycle, the deadline making this data available as a part of right-to-repair compliance is challenging.

Getting Ready for the Right-to-Repair Era

The Otonomo vehicle data platform can help bridge the gap between the OEMs and the right-to-repair initiatives providing value across the automotive ecosystem.

Otonomo Delivers a Platform for Accessible Standardized Data

The Otonomo Vehicle Data Platform was designed to connect service providers to cleansed, normalized, enriched data from multiple OEMs.

  • Online, platform-as-a service (PaaS) standardized access to data from all makes and models
  • Straightforward access to normalized data from multiple OEMs
  • Flexible consumption of the specific data that is actually needed

The Otonomo Vehicle Data Platform includes a simple RESTful API that allows OEMs and service providers to quickly integrate valuable automotive data into their services. The platform can provide Harmonized access to the data needed defined by the Right-to-Repair initiatives via a neutral entity unaffiliated with OEMs.

Facilitating Data Privacy Compliance

The Otonomo Platform is designed to protect both driver and commercial interests, providing secure data management and granular controls over what data gets shared per vehicle and in accordance with European and American privacy regulations. The Otonomo Consent Management Hub makes it simple and straightforward for drivers to grant or revoke access for specific services at any time. With the Otonomo Consent Management Hub, drivers gain full transparency into the services that have access to their automotive data, as well as insight into what data is shared with those services.

Using the Otonomo Consent Management Hub, each party has a single integration point through which they can validate driver consent and deliver the approved personal data. OEMs do not need to directly support integration with hundreds of companies. Otonomo provides an interface and API which OEMs can utilize to incorporate consent management into their apps. Consent information is passed seamlessly to the Otonomo Platform in real time.

Contact us to learn how Otonomo can help OEM and service providers to actively address the right-to-repair law and its challenges.

Architected for security and privacy by design, Otonomo’s platform complies with even the most stringent data privacy regulations including GDPR and CCPA, ensuring all parties are protected and companies remain compliant across multiple geographies.

Leave A Comment

Your email address will not be published. Required fields are marked *