Massachusetts’ lawmakers have introduced what appear to be at least 13 virtually identical House and Senate bills seeking to expand the state’s landmark “Right to Repair” law to delineate rights for vehicle data access and control.
“They are all the same bill introduced by supporters of the issue so we support all of them,” Auto Care Association government and regulatory affairs Vice President Aaron Lowe confirmed in an email Friday. “I am sure that eventually everyone will coalesce around one bill that will be voted on by the legislature (at least that is the goal).”
For the purposes of this article, we’ll focus on House Bill 293, which lists Rep. Paul McMurtry, D-Dedham, as lead sponsor. With more than two dozen lawmakers in its corner, it had by far the most sponsors of either chamber as of Friday afternoon.
HB 293 would only allow OEMs to require authorization to access their OBD systems if “that authorization system for access to vehicle networks and their on-board diagnostic systems is standardized across all makes and models sold in the Commonwealth and is administered by an entity unaffiliated with a manufacturer.” The method of access itself must be standardized, according to the bill.
By the 2022 model year, anyone building a car with telematics must use “an inter-operable, standardized and open access platform across all makes and models that is capable of securely communicating all telematics vehicle data in a standardized format via direct data connection to the platform.”
Telematics are defined as anything in the vehicle “that collects and stores information generated by the operation of the vehicle utilizing wireless communications to transfer that information electronically. Such systems include, but are not limited to, motor vehicle remote diagnostics, automatic airbag deployment and crash notification, navigation, stolen vehicle location, remote door unlock, transmitting emergency and vehicle location information to public safety answering points and any other service integrating vehicle location technology and wireless communications.”
The owner or lessee of the vehicle must be able to “directly” access all of that “through a mobile-based application.” (Unfortunately, “mobile-based application” doesn’t appear to be defined.) If they choose, they can also grant permission so “all mechanical data shall be directly accessible by an independent motor vehicle repair facility or a class 1 dealer licensed pursuant to Section 58 of Chapter 140 limited to the time to complete the repair or for a period of time agreed to by the vehicle owner or lessee for the purposes of maintaining, diagnosing and repairing the motor vehicle. Access also shall include the ability to send commands to in-vehicle components if needed for purposes of maintenance, diagnostics and repair.”
Mechanical data is defined as “any telematics data in a vehicle related to the diagnosis, repair or maintenance of that vehicle.”
All telematics data belongs to the “motor vehicle owner,” which existing Massachusetts law already defines as the human or business that owns or leases a vehicle registered in the state.
The bill also would more teeth to the penalties provision of the existing law by making OEM noncompliance punishable by that automaker being unable to sell new vehicles in the state.
Owners would receive an explanation of their rights and be asked by a licensed dealer to sign that notice upon buying a vehicle with telematics. That notice would be developed by the attorney general and include at a minimum:
(i) explaining what is motor vehicle telematics, (ii) the data collected and stored by the telematic system, (iii) the capability of the consumer to access the vehicle’s telematic data through a mobile device and (iv) that an independent repairer with the permission of the consumer, can access the telematic mechanical repair information for vehicle repair purposes.
The notice would also allow the consumer to “assent or prohibit all telematic system data generated by the telematic system being transmitted from the consumer’s vehicle to the vehicle manufacturer.”
He or she could change their consent at any time “by visiting any new car dealership that sells the consumer’s vehicle brand or using an online mobile application.”
Why you care
The automotive aftermarket and OEMs have worked fairly well together for a while on diagnostic support and standardization, but the OEMs’ need for vehicle cybersecurity could create problems for independent repairers, an Equipment and Tool Institute leader warned shops earlier this year.
Then-ETI Executive Director Greg Potter (now the organization’s CTO) told the Collision Industry Conference in January vehicle manufacturers are being forced to make vehicles secure, but “there’s good people out here … that need access”
OEMs appear to be developing cybersecurity measures unilaterally, and there’s “no standardization in this case event,” Potter said. Potentially dozens of diverse security protocols could hit the market.
“The standardization effort we have embarked on for the last 25 years stands to be broken,” Potter said.
OEMs — mostly in Europe — have also come up with an “Extended Vehicle Concept” in which all the data surrounding the vehicle is considered their domain, according to Potter. They will collect it on their own server and sell it back to whichever parties request it.
“Of course, the aftermarket does not like” that idea, Potter said.
An Auto Care Association survey announced in October 2018 “found 86 percent of consumers said vehicle owners should have access to driver and vehicle data, also known as telematics. Additionally, the survey found 88 percent of consumers believe a vehicle’s owner should decide who has access to this data.”
House Bill 293 was been sent to the Joint Committee on Consumer Protection and Professional Licensure on Jan. 22. Other similar House and Senate bills have also been kicked over to the committee.
Massachusetts state Rep. Paul McMurtry, D-Dedham. (Provided by Massachusetts Legislature)
The Massachusetts Legislature is shown. (drnadig/iStock)