FTC’s Look at Device Repair Policies Will Implicate IoT Privacy and Security and the Right-to-Repair Debate
March 29, 2019
On March 13, the FTC announced that it will be holding a workshop on repair restrictions – ways in which manufacturers might limit repairs of devices by consumers and third-party repair shops. The agency is seeking empirical research and data on topics like the risks associated with repair by third parties and impact of any restrictions on prices. Device manufacturers should pay close attention and evaluate whether certain restrictions can be beneficial for device security and consumer privacy throughout the lifecycle of the device, as the FTC’s workshop will set the stage for greater federal action in this area.
The FTC’s long-standing interest in repair restrictions is grounded in the Magnuson-Moss Warranty Act, originally enacted in 1975 with a focus on car parts. That law provides that companies may not condition a consumer product warranty on the consumer using an article or service identified by a brand, trade, or corporate name (unless it’s provided without charge or the company gets an FTC waiver). In other words, companies generally cannot void or deny service under a warranty based on a consumer’s use of third-party part or service, except to the extent that part or service further damages the product. The Magnuson-Moss Warranty Act was not drafted with digital devices in mind, and the FTC and industry have both struggled over the years to understand how best to apply the law. But, the FTC has been more engaged recently. Last year, the FTC sent warning letters to a number of digital device manufacturers based on its review of their warranty policies, which we broke down in detail at the time.
However, this new workshop goes beyond the specific issue of tying warranties to repair limitations, and also encompasses other ways in which repairs are restricted. The workshop announcement specifically points to “issues that arise when a manufacturer restricts or makes it impossible for a consumer or an independent repair shop to make product repairs and whether such restrictions undercut the Warranty Act’s protections.”
With this expansion in focus, the FTC is diving head-first into the so-called “right-to-repair” debate that that has ongoing for several years at the state level. Numerous states have been considering bills that would place affirmative obligations on equipment manufacturers to provide diagnostic and repair information to facilitate individual and third-party repairs. Because the policy considerations at stake go well beyond traditional Magnuson-Moss warranty considerations, the FTC’s engagement in this arena poses the potential for the right-to-repair discussion to take on a greater profile at a federal level.
To inform its analysis, the FTC has called for empirical research and data on a number of issues, including:
The prevalence of certain types of repair restrictions;
The effect of repair restrictions on the repair market and on prices, accessibility, and quality;
Manufacturers’ justifications for repair restrictions;
Risks posed by repairs made by consumers or independent repair shops;
Potential liability that manufacturers face for injuries resulting from consumer or independent repairs.
The FTC’s ultimate views on this issue will be important for IoT device manufacturers – and others – concerned about protecting device security and consumer privacy through the product lifecycle. The FTC is open to a broad range of views, and workshops like this often presage enforcement actions or reports that can drive policy. Federal action on this front would also influence, or even supplant, the ongoing state-level efforts and could therefore have an impact beyond what might otherwise be expected.
The deadline for submitting empirical research is April 30. The workshop will be held on July 16, and additional comments can be filed through September 16.