Arizona Mandates SaaS Providers Implement API

CDK Glob. LLC v. Brnovich, 2020 WL 4260506, (D. Ariz. July 24, 2020)

Author(s): Barry Irwin and Adam Reis
Edited by: 
Barry Irwin
August 11, 2020

The United States District Court for the District of Arizona recently denied a motion for a preliminary injunction seeking to avoid compliance with an Arizona law requiring software providers to implement an application programming interface.  The Court found the law was not preempted by the Copyright Act and did not violate neither the Contracts nor Takings clauses of the Constitution.

Plaintiffs develop, own, and operate proprietary computer systems known as dealer management systems (“DMSs”).  DMSs are licensed to automotive dealerships to help manage their operations, including handling confidential consumer and proprietary data, processing transactions, and managing communications.  Dealers were traditionally allowed to share their DMS login credentials with their chosen third-party integration providers—an integration is necessary to ensure that the DMS operates seamlessly with the dealerships’ other software, such as an accounting system.  In or around 2015, however, Plaintiffs began contractually prohibiting dealers from granting third parties DMS access without Plaintiffs’ permission.

In March 2019, the Arizona Legislature passed the Dealer Data Security Law (“the Dealer Law”), A.R.S. §§ 28-4651–28-4655.  The Dealer Law precluded DMS providers from (1) prohibiting third parties that had met certain security standards from integrating into a dealer’s data system or (2) placing unreasonable restrictions on integration.  The Dealer Law also requires that DMS providers “[a]dopt and make available a standardized framework for the exchange, integration and sharing of data from [a DMS]” and that they “[p]rovide access to open application programming interfaces to authorized integrators.”  An application programming interface, or “API,” is an abstraction that facilitates communication between multiple pieces of software.  In other words, an API might tell users what the DMS can do and how to do it (e.g., how to write and read data), which could make integration easier.

In seeking to enjoin compliance with the Dealer Law, Plaintiffs challenged the Dealer Law as preempted by the Copyright Act and as unconstitutional in violation of both the Contracts and Takings clauses.  Regarding the Copyright preemption argument, Plaintiffs argued copyright protection was afforded to “source and object code; distinctive screen layouts; graphical content; text; arrangement, organization, and display of information; and the dynamic user experience” found in the DMS software, API, and data.  Plaintiffs reasoned that compliance with the Dealer Law would result in unauthorized copying and access of Plaintiffs’ copyrighted works.  The Court rejected these arguments, finding that it was possible to construe the Dealer Law in a way that does not conflict with Plaintiffs’ rights under the Copyright Act.  Specifically, the Court relied on the testimony of Defendants’ expert that the API could be implemented in a way that does not result in reproduction, access, or divulgence of any proprietary, copyrighted material.  The Court similarly rejected the constitutional challenges, finding that the possibility of implementing the API in such a way, which would not require significant expense, meant it was possible for Plaintiffs to comply with the Dealer Law without interfering with their existing contractual obligations or being deprived of the economic benefit of their proprietary software system.

This case highlights the delicate balance between intellectual property and antitrust.  The DMS providers’ decision to limit who could perform integrations had a significant enough impact to warrant state-wide legislation.  In that way, the Dealer Law can be analogized to prohibitions on tying arrangements and rules regarding standard-essential patents, both of which seek to prevent anticompetitive effects that often accompany ubiquitous technology.  On the other hand, forcing a company to implement an API may result in a less than optimal implementation.  Given the integral nature of software to our lives, this is likely not the last time we will see regulation efforts like these.

Contact the Author

Name: Barry Irwin Phone: (312) 667-6081 Email: [email protected]