Right to Repair Debates Must Consider Your Right to Privacy

When your smartphone or any essential digital device breaks, it can feel as if your entire life has been disrupted in a second. Your digital connections to family, friends, support groups, important communities and work suddenly come to a halt. For LGBTQ+ individuals, who consistently access online spaces using devices like smartphones at a much higher rate, this technology is a lifeline to community, inclusive services, supportive mental health, and more. Given this, access to fast and trustworthy repair services is a top priority for LGBTQ+ individuals in particular. 

This is where the ‘right to repair’ movement steps in. To prevent device users from relying on specific device manufacturer centers for repairs following a break, ‘right to repair’ advocates for customers’ ability to fix devices themselves or seek repairs from third-party providers. In rural areas with limited repair options or urban areas inundated by repair needs, ‘right to repair’ seeks to improve consumer choice, speed, and affordability. 

However, entrusting your smartphone, tablet, or other digital device to a stranger involves an unavoidable level of trust. And for ‘right to repair’ to make your life easier without also making you more vulnerable, it must also emphasize your right to privacy.

Smartphones and similar devices contain highly sensitive personal information, from social security and financial details to medical and legal information, not to mention intimate photos, contacts, and communications. For LGBTQ+ individuals, whose devices likely hold even more sensitive information, including details about sexual orientation and gender identity, the privacy risk is particularly impactful. This risk is exacerbated by the current landscape of attacks on LGBTQ+ communities around the country- including more than 500 anti-LGBTQ+ bills so far in 2023 online- as well as the fact that 27 U.S. states lack specific LGBTQ+ non-discrimination protections. Furthermore, these risks are not just theoretical but have been studied and documented. 

--

A 2022 study by the University of Guelph in Ontario, Canada, found that nearly half of computer repair technicians accessed sensitive information not related or necessary to the repair including photos, videos and financial data. Most repair centers, whether independent or part of a national chain, lacked any privacy policies or customer data protections. Privacy intrusions like this aren’t just annoyances, they can be devastating for a person’s sense of safety and security.

A similarly damning study in October 2023 took smartphones and laptops to 20 repair stores across Ontario, outfitted with monitoring software to track technician activity on the devices. Technicians at nine stores accessed private data, with one technician not only viewing photos but copying them on a USB key. None of the private data viewed- which included financial information, email and social media accounts, and intimate photos- was necessary for these repairs. 

This raises questions not just for LGBTQ+ individuals, but for everyone. Will my repair technician access personal files and apps? Attempt to gain entry to my payment cards? Violate my basic privacy? The urgency to repair the device often overshadows the inherent risks involved in handing over such personal information to others. This leaves us wondering if and how our privacy is protected when we hand our devices over to third parties. 

--

Currently, the U.S. lacks a federal privacy law addressing these concerns, so the onus falls on the state legislatures. Proponents of these bills framed as ‘right to repair’ proposals point to the consumer benefit of more choices and access to repair options beyond the device manufacturer and authorized repair centers. Critics, however, contend that this kind of unfettered access to data from independent and unauthorized repair providers could turn into a treasure trove for bad actors unless it has careful clear guidelines in place. 

Despite these differences, the privacy provisions of bills like the New York state Digital Fair Repair Act, can be instructive in allowing consumers to benefit from more repair options, while also knowing that the repair provider is being held to strong consumer data protection standards. New York’s bill does not require manufacturers to disclose passwords, security codes or other materials that would unlock secure features built into the device, especially when they are not necessary to the repair being performed. Privacy protections like those included in the New York bill, provide extra benefits to consumers by setting reasonable privacy expectations for device repair without restricting a consumer’s ability to repair their device themselves or through a third-party retailer. Debates around a consumer’s “right to repair” devices and equipment will continue, but the right to privacy, security, and safety shouldn’t be up for debate. 

Legislators must consider the profound privacy impacts on those users that will be impacted by these bills, especially those marginalized and vulnerable users that may be most impacted or harmed by inadequate privacy protections, such as LGBTQ+ users. These bills should and must include strong consumer protection standards including guardrails on the access to and use of consumer information including passwords, security codes or other materials that would unlock secure features built into the device, especially when they are not necessary to the repair being performed. Policymakers need to consider not just the device itself, but the impact for the human user behind it.