Data privacy and the dealership


Compliance regulations mounting

You may have heard of Moore’s law describing the rate of technological change. In 1965, the future chief executive officer of Intel, Gordon Moore, observed and predicted that technology would double nearly every two years. From then to now, his prediction has proven accurate.

Although agriculture traditionally lags behind in technological advances, Moore’s law has come fully to bear on our industry in the past two decades. Along with the rapid change in technology has come a tremendous amount of data being collected. There is so much discussion about data you’d think no one had to plow a field or hop in a combine anymore; they just look at the data.

The Rise of Regulation

With all of this data out there about everyone and everything, it was only a matter of time before a backlash occurred and government got involved to regulate it. The rise of social media, which includes the collection of personal information, has become the culprit behind misdeeds that in recent years have given rise to animosity about the use of personal information. The collection, use, and sale of personal information by Facebook and other social media platforms have been grabbing headlines for several years now, even prompting a media spectacle around congressional testimony from Facebook founder Mark Zuckerberg.

Social media alone isn’t to blame for concerns about data and personal information. Hardly a week goes by without national news about a data breach compromising personal information from credit card companies, large retail chains, banks, state and federal agencies, hotel chains, even Google.

At this point, you may be wondering why this should matter to equipment dealers. Let me introduce to you the California Consumer Privacy Act. In the summer of 2018, California passed the first sweeping piece of legislation dealing with how private companies collect data, what they do with it and how they safeguard it. The law doesn’t just apply to large multinational corporations, either. Most likely, it applies to you.

Under the law, a company must comply with the CCPA if it receives personal data from a California resident and exceeds one of three thresholds:

  1. gross revenues of $25 million,
  2. obtain personal information of 50,000 or more California residents, households or devices annually, or
  3. 50 percent or more of annual revenue derived from selling California residents’ personal information.

For most dealers, exceeding the revenue threshold alone would trigger applicability of the law.

As you can imagine, the compliance requirements under the law are broad and onerous. From developing data maps and inventories for all personal information to the requirement to post a “Do Not Sell My Personal Information” link on your company’s website, the affirmative steps a business must take are vast. Businesses will be required to fund and develop new systems and processes to comply with the requirements and also develop and put into place new data privacy policies. 

Beyond California

Now, you might be thinking that your dealership isn’t in California, so what does this have to do with me? There is the unfortunate adage that “as goes California, so goes the country,” but that is truer here than in most situations. The data privacy issue seems to span the political spectrum, with libertarian-leaning conservatives also taking up the issue in conservative states across the country right now.

Fortunately, not all states are contemplating bills as burdensome as California’s legislation. However, states are not developing these laws in unison with one another, which could result in a patchwork of 50 different state laws with which to comply. There are many companies, including dealerships, that span across state lines and could be forced to comply with multiple, conflicting state laws regarding data privacy.

With legislation of one kind or another being introduced in nearly every state this legislative cycle, the issue has reached critical mass. That is most likely the reason large lobby groups, such as the U.S. Chamber of Commerce, have stepped in recently to call for a national data privacy law that would preempt state laws entirely. The thinking here is simple: If consumer privacy laws are inevitable, then there should be a single standard instead of 50. Data privacy clearly has an effect on interstate commerce, so Congress has the authority to legislate in this area if it chooses to do so.

Preparing for data security

For dealers, this means, in one form or another, you will likely have some affirmative steps to take so your business is compliant in the near future. It is all the more important to dealers because your customers have data that is already commoditized and closely guarded. Farmers and ranchers are finicky about their data, much more so than the average consumer. That heightened scrutiny mixed with new laws will surely bring additional accountability to dealerships about what is being done with data.

WEDA has seen this as an emerging issue for several years. We were probably ahead of ourselves in developing a data security program for dealers, but we could see the implications on the horizon. From an advocacy standpoint, we are monitoring legislation and have joined broad-based business coalitions to support reasonable legislation in this arena and fight against the more burdensome requirements imposed by legislation similar to what we’ve seen in California.

In the end, a national framework might be the best route if Congress is capable of getting anything reasonable done.

Ties to Right to Repair

To add one more wrinkle to this issue, data security is a serious consideration in the right to repair debate. With proponents of data security asking for more stringent standards placed on businesses to protect consumer privacy, advocates for right to repair seek to make that nearly impossible.

If supporters of right to repair had their way, anyone would have the ability to circumvent technology protection measures for software and data security programs. At the same time, dealers and manufacturers of farm equipment would be held accountable for protecting that data. Clearly, these two concepts create conflict.

Concluding Thoughts

On many levels, data privacy and security are a paramount concern in the new digital age. However, policymakers and stakeholders should be aware that technology is still transforming at a rapid rate and any legislation addressing this issue should be flexible enough for businesses to adapt to those changes within a reasonable time.

Agriculture is still a business built on personal relationships. Hopefully, we can continue to avoid the hysteria surrounding data privacy concerns that we see in the social media world by getting together with real people to solve real world problems.

WEDA Visits Ottawa

Eric Wareham, WEDA vice president of government affairs, speaks about right to repair during the annual general meeting of the Canadian Federation of Agriculture in Ottawa, Ontario.

During the 2019 Annual General Meeting of the Canadian Federation of Agriculture, Eric Wareham made a presentation about the hazards of modifying farm equipment. A series of articles about modifying farm equipment has been published in Canadian Equipment Dealer, the sister publication of Western Equipment Dealer. Those articles are available on WEDA’s website at

While carbon pricing, rural investment, mental health, and the federal election emerged as priorities during the CFA meeting in Ottawa, Ontario, CFA members heard keynote speeches and participated in discussions centered on the theme “Producing Prosperity.”

“We want to show how investments in rural Canada and the agricultural sector can have benefits for Canada as a whole socially, economically and also environmentally,” said Ron Bonnett, CFA president.

Wareham concluded his presentation with an update about some of the misconceptions regarding right to repair initiatives cropping up in the U.S.

Article Written By Eric Wareham

ERIC WAREHAM is the vice president of government affairs for the Western Equipment Dealers Association. He is a graduate of the Willamette University College of Law and Augusta State University. Eric may be reached by writing to

