CDK Glob. LLC v. Brnovich

Decision Date02 April 2020
Docket NumberNo. CV-19-04849-PHX-GMS,CV-19-04849-PHX-GMS
PartiesCDK Global LLC, et al., Plaintiffs, v. Mark Brnovich, et al., Defendants, and Arizona Automobile Dealers Association, Intervenor Defendant.
CourtU.S. District Court — District of Arizona
ORDER

Pending before the Court is Defendant Arizona Department of Transportation ("ADOT") Director John S. Halikowski's Motion to Dismiss for Lack of Subject Matter Jurisdiction. (Doc. 38.) The Motion is granted.1

BACKGROUND

Plaintiffs CDK Global LLC, et al. ("Plaintiffs") develop, own, and operate proprietary computer systems known as dealer management systems ("DMSs") that process vast amounts of data2 sourced from various parties. Automotive dealerships hold licenses to DMSs to help manage their business operations, including handling confidentialconsumer and proprietary data, processing transactions, and managing data communications between dealers, customers, car manufacturers, credit bureaus, and other third parties. Plaintiffs employ multiple technological measures—such as secure login credentials, CAPTCHA prompts, and comprehensive cybersecurity infrastructure, hardware, and software—to safeguard their DMS systems from unauthorized access or breach. Plaintiffs also contractually prohibit dealers from granting third parties access to their DMSs without Plaintiffs' authorization.

In March 2019, the Arizona Legislature passed the Dealer Data Security Law ("the Law"). A.R.S. §§ 28-4651-28-4655. The Law went into effect on August 27, 2019.3 The Law regulates the relationship between DMS licensers like Plaintiffs and the dealerships they serve. Under the Law, DMS providers may no longer "[p]rohibit[] a third party that has satisfied or is compliant with . . . current, applicable security standards published by the standards for technology in automotive retail [(STAR standards)] . . . from integrating into the dealer's [DMS] or plac[e] an unreasonable restriction on integration . . . ." A.R.S. §§ 28-4653(A)(3)(b), 28-4651(9). The Law also requires DMS providers to "[a]dopt and make available a standardized framework for the exchange, integration and sharing of data from [a DMS]" that is compatible with STAR standards and to "[p]rovide access to open application programming interfaces to authorized integrators." A.R.S. § 28-4654(A). Finally, a DMS provider may only use data to the extent permitted in the DMS provider's agreement with the dealer, must permit dealer termination of such agreement, and "must work to ensure a secure transition of all protected dealer data to a successor dealer data vendor or authorized integrator" upon termination. A.R.S. §§ 28-4654(B)(1)-(3).

Plaintiffs filed the underlying complaint seeking declaratory and injunctive relief from the Law on July 29, 2019. This Motion to Dismiss for Lack of Subject Matter Jurisdiction followed on September 18, 2019.

DISCUSSION
I. Legal Standard

"For a case or controversy to exist under Article III, a plaintiff must have standing to assert his legal claims, those claims must be ripe for review, and the harm must be redressable against the defendants." Ariz. Contractors Ass'n, Inc. v. Napolitano, 526 F. Supp. 2d 968, 977 (D. Ariz. 2007) (citing Renne v. Geary, 501 U.S. 312, 320 (1991), as amended (Dec. 10, 2007), corrected, No. CV07-1355-PHX-NVW, 2007 WL 9723967 (D. Ariz. Dec. 10, 2007), and aff'd sub nom. Chicanos Por La Causa, Inc. v. Napolitano, 544 F.3d 976 (9th Cir. 2008). Redressability in this context means that "it must be likely, as opposed to merely speculative, that the injury will be redressed by a favorable decision." Planned Parenthood Ariz., Inc. v. Brnovich, 172 F. Supp. 3d 1075, 1086 (D. Ariz. 2016) (quoting Lujan v. Defs. of Wildlife, 504 U.S. 555, 561 (1992)). "It is well-established that when a plaintiff brings a pre-enforcement challenge to the constitutionality of a particular statutory provision, the causation element of standing requires the named defendants to possess authority to enforce the complained-of provision," Ariz. Contractors, 526 F. Supp. 2d at 983 (quoting Bronson v. Swensen, 500 F.3d 1099, 1110 (10th Cir. 2007)); "a generalized duty to enforce state law or general supervisory power over the persons responsible for enforcing the challenged provision will not subject an official to suit," Planned Parenthood, 172 F. Supp. 3d at 1086 (quoting Coalition to Defend Affirmative Action v. Brown, 674 F.3d 1128, 1134 (9th Cir. 2012)).

II. Analysis

The Plaintiffs have failed to demonstrate any harm that could be redressable against Defendant Halikowski. Although the Director is generally "responsible for the administration of the department," A.R.S. § 28-331(B), nothing authorizes him to prosecute or enforce all of the laws contained within the thirty chapters of Title 28, see, e.g., A.R.S. §§ 28-363(A), 28-364, 28-367. Instead, in areas where the legislature intended the director to have enforcement authority, it expressly provided for such authority. See, e.g., A.R.S. §§ 28-3411 ("The director shall administer and enforce this article," regardingtraffic survival school); 28-4002 ("The director shall . . . [a]dminister and enforce this chapter," regarding vehicle insurance); 28-5602 ("The following persons have authority to enforce this article: 1. The director of the department of transportation," regarding fuel taxes). Those provisions would be superfluous if the Director had comprehensive authority to enforce all aspects of Title 28. See Boise Cascade Corp. v. U.S. EPA, 942 F.2d 1427, 1432 (9th Cir. 1991) ("Under accepted canons of statutory interpretation, we must interpret statutes as a whole, giving effect to each word and making every effort not to interpret a provision in a manner that renders other provisions of the same statute inconsistent, meaningless or superfluous."). By contrast, § 28-4303, governing Chapter 10 where the Law is housed, designates that the Director "shall supervise and regulate all persons required by this chapter to be licensed" (emphasis added), a provision that is irrelevant to the Law, which has nothing to do with licensing. If the legislature had intended for the Director to enforce the Law, it could have amended this provision to simply instruct the Director to enforce the entire chapter.

Nor have Plaintiffs demonstrated that the ADOT Director has the authority to initiate and supervise an investigation for a violation of the Law through the ADOT Inspector General; indeed, Plaintiffs have cited no statute—within the Law or otherwise—that defines the duty of the Inspector General. The ADOT Office of the Inspector General was created through Executive Order 2004-23 to provide the Governor with "independent, objective, and timely information on ADOT programs and services." Ariz. Exec. Order 2004-23, https://azmemory.azlibrary.gov/digital/collection/execorders/id/2247/rec/1. Nothing about the Executive Order gives the ADOT Director the power to direct the activities of the Inspector General. Indeed, the Executive Order emphasizes that the Inspector General, while placed within ADOT, is independent and serves at the pleasure of the Governor. Regarding the ADOT Director, the Executive Order instructs only that the Inspector General must "[a]dvise the Director of ADOT and the Governor's Office and make recommendations on ways to strengthen and improve program procedures and operations" and "[f]ile a written report no less than annually with the Governor and theADOT Director on all matters related to the duties of the position." Id. Separately, the Executive Order notes that the Inspector General is appointed to "[c]onduct case investigations and audits designed to prevent and deter fraud, abuse, and misconduct in ADOT programs" and "[c]oordinate with law enforcement agencies on case investigations and...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT