So-Called “Right to Repair” Bill Raises Serious Privacy, Security and Safety Issues for Consumers   

Published March 10, 2023

Members of Congress are Urged to Oppose H.R. 906 



Advocates for “right to repair” legislation claim that independent automotive repair shops do not have access to the parts or data necessary to repair vehicles. However, this concern was rectified years ago, and today the information independent shops need to repair vehicles is readily available from every auto and truck manufacturer. The latest iteration of “right to repair” legislation (H.R. 906) has little to do with repairing a vehicle. Instead, the bill compels auto and truck manufacturers to provide any “aftermarket parts manufacturer” the information necessary “to produce or offer compatible aftermarket parts,” i.e., parts not made by the auto or truck manufacturer. This legislation would also give any third-party access to sensitive consumer data from vehicles, which raises consumer privacy, vehicle security, and automotive safety concerns. This bill regulates only vehicles and does not apply to other equipment or products such as farm equipment or mobile phones. Members of Congress should oppose H.R. 906.



Vehicles generate tremendous amounts of data, including private information such as biometrics, vehicle location, or driver behavior data. This data is currently regulated according to strict privacy principles to protect consumers’ privacy and safety. However, H.R. 906 would require vehicle manufacturers to provide any third-party access to vehicle-generated data “without restrictions or limitations.” This overbroad requirement which covers all the vehicle’s data is unrelated to the servicing of the vehicle and creates serious privacy and safety concerns.  


H.R. 906 is similar to a 2020 Massachusetts law passed by ballot initiative that is under review by a federal court and has never been enforced. One of the flaws in this law requires new vehicles to be equipped with an “open data platform.” However, since motor vehicles are designed years in advance, the data platform this law required by 2022 does not yet exist. This legislation is also overly broad as it sweeps in heavy-duty trucks, even though heavy-duty truck dealerships are business-to-business operations with no consumer component.


  • This legislation undermines intellectual property rights. H.R. 906 compels auto and truck manufacturers to provide any “aftermarkets parts manufacturer” the information necessary ‘to produce or offer compatible aftermarket parts. This unfairly promotes the interests of aftermarket companies by allowing aftermarket parts manufacturers to gain access to automakers' proprietary information. This complete giveaway of proprietary information could then be used to facilitate reverse engineering of genuine, original auto and trucks parts, including safety-critical parts.
  • H.R. 906 is built on a faulty premise. The bill is apparently based on the premise that the information necessary to service and repair vehicles is not available to independent repair shops. However, information necessary to repair vehicles is already available to independent repair shops, which currently perform more than 70% of all non-warranty repairs.
  • H.R. 906 creates new privacy, vehicle security and safety risks. The information that the bill would force manufacturers to release creates serious privacy, data security and vehicle safety risks. For example, the bill mandates that motor vehicle manufacturers provide to any person the vehicle owner designates all the “vehicle-generated” data unconditionally, which may include sensitive private information.   
H.R.906 was introduced by Rep. Neal Dunn (R-Fla.) and has been referred to the House Energy and Commerce Committee. Members of Congress are urged not to cosponsor H.R. 906.