Maine group told more work and clarity is needed in ‘right to repair’ law recommendations
By onLegal
A state legislator and two automotive industry associations have taken issue with the Maine Right to Repair Working Group’s draft recommendations to amend the state’s new R2R law and carve out the responsibilities of a future commission that will handle vehicle data sharing in the state.
In November more than 84% of voters approved a referendum that began as a petition circulated by the Maine Right to Repair Coalition. It requires OEMs to standardize onboard diagnostics and provide remote access to those systems. A report from the working group is due to the Maine legislature by Feb. 28.
During the public hearing portion of the group’s Dec. 20 meeting, Rep. Tiffany Roberts (D-District 149) said the draft report only addresses Section A and lightly on Section B of the new law. Roberts is a member of the newly merged Housing and Economic Development Committee, which will receive the working group’s report.
“I would urge the group to look at each stakeholder’s comment in the context of the statutory charge,” she said. “Without doing so, the overarching statute, while well-intentioned, is rife with ambiguities, potential conflicts with federal oversight, and cybersecurity risks.
“The law’s telematics access provisions are a cornerstone of the debate, which has been very clear today but their necessity and practicality are questionable. As outlined in the GAO’s report, most vehicles repaired today do not require telematics data. Essential diagnostics information is already accessible through the onboard diagnostic port, or the OBD port. This raises a fundamental question: Why does Maine’s law emphasize telematics access when the industry and repair stakeholders agree it’s not currently essential?”
Roberts has been vocal in the past about “right to repair,” stating that legislation is unnecessary. At the group’s October public hearing, she said the future entity (since decided by the group to be called a commission) itself should be regulated by legislation as a licensing board. Rep. Amanda Collamore (R-District 68) agreed, and both said, as the legislation stands now, personal data generated and collected in vehicles isn’t secure.
Last week, Roberts noted that automakers have disabled telematics functionality within Massachusetts vehicles to avoid litigation over similar statutory language.
“If Maine proceeds without addressing these ambiguities, we risk replicating these outcomes, disabling telematic systems entirely, therefore failing to deliver on the promise we made to 84% of our voters,” she said. “Poorly secured telematics platforms could enable wide-scale attacks on vehicle fleets, disrupting critical infrastructure or public safety. While federal efforts, including the Repair Act, aim to establish cybersecurity and private privacy standards, Maine law lacks comparable provisions. This absence leaves consumers and repair facilities vulnerable to the very risks federal agencies are striving to mitigate.”
Roberts recommended the following:
-
- “Delay the implementation of the telematics provision… until a comprehensive evaluation can determine whether telematics access is genuinely necessary for repairs.
- “Strengthen cybersecurity and privacy protections, which is within the charge of the group.
- “Align Maine’s law with federal standards incorporating mandatory safeguards to protect consumer data and vehicle systems from cyber attacks.
- “Reevaluate the role of the independent entity — consider whether its proposed advisory role adds sufficient value or if existing enforcement mechanisms suffice.
- “Clarify key definitions and standards — define terms like, specifically, ‘independent repair facility.’
- “Establish minimum training and certification requirements for technicians accessing sensitive vehicle systems.
- “Engage with NHTSA, BIS, and FTC to ensure Maine’s law complements rather than conflicts with emerging national frameworks.”
Group members and the public have voiced privacy and cybersecurity concerns via third-party access since the group first met in August.
Earlier this month, two working group members requested a one-year postponement for automakers to comply with the telematics portion of the law that would require a standardized access platform beginning Jan. 5.
Representatives for the Maine Automobile Dealers Association and Maine Auto Recyclers Association also spoke during the hearing to address concerns they have about the group’s recommendations.
Attorney Bruce Gerrity, on behalf of the Maine Automobile Dealers Association, said the group has “drawn too much of a narrow focus.”
“You’re supposed to, in our view, make recommendations,” he said. “They don’t have to be unanimous. They don’t have to be detailed recommendations but they should fall within the scope of either the statute or the result. Under the statute, and I think this is one of the most important things that you have to do, Subsection 6 specifically refers to ‘all parts, tools, software, and other components necessary to complete a full repair of the vehicle, as referenced in the subsection, must be provided to motor vehicle owners and owner-authorized independent repair shops.’
“You have not provided the definition of an authorized repair shop. Should that be a specific list? For example, should there be an inspection capability or licensure? Should there be concerns with disclosures, for example, under the Used Car Information Act as to prior use of the vehicle? …Should there be provisions that relate to privacy standards, not GLB per se, but the kind of privacy standards that the FTC looks at, that the Consumer Finance Protection Bureau looks at? Is it a good idea for you to look at legislation that was considered by our legislature in each of the past two sessions relating to general privacy standards?”
Gerrity also asked the group if the recommendations should provide guidance on informing customers if shops aren’t OEM-certified and whether repairs come with warranties.
Earlier this year, the Connecticut Department of Motor Vehicles issued a bulletin that states all repair decisions should come from a licensed repair professional in consultation with the vehicle owner. It also states that only repairers or car dealers are in the business of repairing motor vehicles and are expected to repair vehicles safely and in compliance with available guidelines, including but not limited to, guidance from OEMs.
Last week, Auto Care Association Vehicle Technology Director Mike Tanner told the Maine R2R group that figuring out how to manage, secure, and control access to vehicle data doesn’t have to be done from scratch since the capabilities already exist, for example, with cell phones.
“On a per request basis, you can allow or disallow access to that data,” he said. “I would argue that just because it’s on a car that technology changes in any way; it can be done. The vehicle owner should have the ability to control that access to that data.
“I think the real concern is the safety issue here and that has been looked at for the last 10 or 15 years… I would argue that technology is not the barrier here. I think it could be the springboard. I think what’s missing is definitions of policy that can be implemented by these technologies. The policies need to be established through stakeholders. The policies could help alleviate the subjectivity through the determination of the rules for how and what data is accessed.”
Bill Bell, on behalf of the Maine Auto Recyclers Association, said it supports the group’s unanimous recommendations but is against a one-year postponement.
Representatives of commercial and medium- and heavy-duty vehicle associations also spoke during the hearing asking that those types of vehicles be added to the law to make repairs easier.
The group will meet next during the week of Jan. 13. Notice of the date and time will be announced. The group expects to make the last of its revisions to the report and recommended statute changes in January.
Images
Featured image: Maine State House (Credit: Sean Pavone/iStock)