A technology-focused attorney with expertise in data privacy laid out what shops should be aware of when signing end-user license agreements (EULAs) for their equipment.

Jeff Stefan, partner at Varnum LLP, said during a Collision Industry Conference (CIC) meeting last week that there are a number of factors shops should take into account when signing agreements for things like scan tools.

A EULA “essentially is a legal contract that governs not only the use of the software in the tool, but how data is handled and shared between the parties,” Stefan told conference goers in Indianapolis, Indiana. “There’s some really key provisions within the EULA that are really important to understand.”

He touched on: 

• • License grants, which dictate a tool’s usage and intellectual property rights. They can limit the amount of people using the tool and where it can be used;
  • Liability allocation, a provision that determines who would be at fault if something goes wrong with the scan tool; and
  • Data handling compliance, and the importance of understanding what the scan tool provider can do with data that’s collected such as vehicle information numbers or crash history.

Shops should also consider who the scan tool provider is allowed to share data with when signing EULAs, Stefan said.

“If the contractor is silent on that question, essentially it means that scan tool providers can share the data with whoever it pleases,” he said. “There’s no law in the U.S. that would, for instance, restrict that company from sharing the data overseas to China or anywhere else.”

He added that even if a EULA is signed in the U.S., it doesn’t necessarily mean that the contract would be governed under federal laws. If foreign companies from overseas don’t comply with U.S. laws, it would be a challenge for local shops to stop them, he said.

“That’s a real problem,” Stefan said. “Whether it involves adaptive IP, misuse of data, or things that could harm your customers or consumers, if you have to try to litigate in some foreign jurisdiction it’s going to be super expensive, and the likelihood of success may not be all that great.”

When reviewing EULAs, he said shops should look through the contracts to determine the type of data that’s being shared through the tools, and with whom it’s being shared. If the language in a contract is broad or doesn’t specify how the data is being used, shops should assume the company can do as it sees fit with the information collected, Stefan said.

“The concern there is not only from a legal perspective, but from a customer perspective,” he said. “Customers may not be aware that their data is being shared and when we think about legal obligations surrounding the impact of the new potential risks, one thing that is absolutely required under the law is you need to provide notice to the customer that [their data is being shared].”

Another component is obtaining customer consent, he said, adding that most companies roll permissions into customer contracts or terms of conditions that have privacy policies built within them. 

“It gives companies choice and transparency, and that’s what’s required under U.S. law,” he said. “It’s really important to have that because the way that U.S. privacy law works is, frankly, there’s very little that you can’t do or that’s prohibitive so long as you disclose and tell customers what’s being done.”

Stefan said it all comes down to risk mitigation and examining the key areas that could cause harm to a shop’s customers or business. He said establishing disclosures under customer contracts, and ensuring shops are being transparent about how data is collected, are among the best ways to start.

He said it’s also important for shops to ensure technicians are aware of the things to look out for when signing EULA contracts, and that they can consider having a second person review them before anything is signed.

Later in the presentation John Yoswick, editor at CRASH Network, shared statistics from a survey he helped conduct.

The survey asked more than 400 shops about their experience with estimates or repair data showing up as an entry on customers’ vehicle history report.

“We were interested in trying to gauge how prevalent the problem is and trying to isolate what path the information might [have] taken to get to Carfax or another vehicle history reporting service. We were at least successful in the first part of that goal,” Yoswick said. “But we also think the survey findings point to a larger picture message for all segments of the industry.”

The survey found that of participants throughout the U.S., only about 4% acknowledged sharing their estimate or repair information with a vehicle history recording service and two-thirds of those were dealership shops, Yoswick said.

Among those who do not share the data, 43% said they were aware of one or more instances in the past three years that a customer’s vehicle estimate resulted in an entry on a vehicle history report, Yoswick added. 

“That means more than two and five shops have had that happen in just the past three years alone,” he said. “Those percentages are virtually identical to a similar survey we did of 500 shots late last year so that consistency tells us it’s a pretty valid picture of what’s happening.”

Among shops that do not share the data but have had a customer say that it’s shown up on the vehicle history report, about one-third said there were just one or two instances of it happening within the past three years, Yoswick said. 

However, more than 25% said it has happened three to five times, and more than one-third said they were aware of it happening at least six times within the past three years.

“That means for those shops at least twice a year on average, they hear from a customer who was unhappy about what the customer perceived as the shop sharing data with a vehicle history reporting service,” Yoswick said. 

He said the survey also found that:

• • Users of each of the big estimating systems have experienced these issues;
  • A large majority of cases involved insurance-paid claims, although one-third were privately paid claims; 
  • About 70% said they used their estimating systems parts locating system for jobs that ended up on Carfax or another reporting service; and
  • 90% said they ordered parts.

“In short, while the survey confirms this is definitely a common problem in the industry, it doesn’t point to the most likely ways shop estimates are resulting in entries on data history reports,” he said. 

When shops were asked who they thought were sharing the data, about one-third said they thought it was insurance companies, 6% said they believe it stemmed from a dealership, 5% said they thought it was a third-party parts locating services and others thought it was caused by automakers.

“That means 90% of shops could very well be telling their customer who they think is doing this,” Yoswick said. “We think every segment of the industry ensures information providers equipment and vendor and software vendors, OEMs and their dealers all could be getting a black eye with shops and the consumers even if they’re not to blame.”

He added: “To us the story this data shows not that this is just a surprisingly common issue but more importantly, we see it showing that every segment of the industry has a stake in finding a solution.”

Images

Featured image: iStock/Hailshadow

Jeff Stefan, partner at Varnum LLP, speaks during a Collision Industry Conference meeting

Illustrations courtesy of CRASH Network