Right to Repair Debates Must Consider Your Right to Privacy

When your smartphone (or any digital device you rely on daily) breaks, it can feel like your whole life vanished in a single moment. Your digital lifeline to family, friends, support groups, important communities and work is suddenly cutoff. As our research has indicated for years, LGBTQ+ individuals access online spaces using devices like smartphones at a much higher rate than their heterosexual counterparts to find community, inclusive services, supportive mental health and so much more.[1] These digital lifelines are even more crucial for members of our community facing housing insecurity, youth[2], elders and our trans community who often solely rely on mobile smart devices as their only connection to online spaces. So, when an LGBTQ+ individuals’ smartphone breaks getting it repaired as soon as possible is one of their only options.

Unless you have a common expensive habit of breaking your device and know right where to go, you’ve asked someone or found an alternative device to immediately search for a repair business around you. In more rural areas, this might be many miles away and your options are most likely to be limited. In more urban areas, you most likely have more options but some of those business might take days to get an appointment which may leave you utilizing whatever business can complete the service as soon as possible.

Turning over your smartphone, tablet or other digital device to a complete stranger necessarily entails a certain amount of unavoidable trust that they will respect your privacy. Our phones typically contain several forms of highly sensitive personal information that is highly sensitive including social security numbers, debit and credit card numbers, medical and legal information not to mention intimate photos, contacts, and communications. In our digital world today, all of that information could be on that one device. For LGBTQ+ individuals, all of the aforementioned information is most likely on their device and more, not to mention sensitive information that could reveal our sexual orientation and gender identity. Thus, the privacy risk for members of our community (especially around access to their sexual orientation or gender identity data) when using any repair business can be uniquely impactful since twenty-seven states in the U.S. do not have state-specific LGBT non-discrimination protections[3] and given the current legal attacks on LGBTQ+ communities around the country (over 100 pieces of anti-LGBTQ+ bills are currently before state legislatures in 2023 so far).[4]

A 2022 study by the University of Guelph in Ontario, Canada, found that nearly half of computer repair technicians accessed sensitive information not related or necessary to the repair including photos, videos and financial data. The study also revealed that almost none of the repair centers studied, both independent or part of a national chain, had any privacy policies or customer data protections in place whatsoever. The results can be more impactful for women and other vulnerable populations, including LGBTQ+ individuals, who have a much higher risk of intrusion into their personal data. Privacy intrusions like this aren’t just annoyances, they can be devastating for a person’s sense of safety and security.

Hence, for everyone, including LGBTQ+ individuals, questions start to swirl. Will the repair technician go into parts of my device like photos, emails, files or apps? Will they try to gain access to payment cards? Will my basic privacy be violated? Quite often, the importance of that device and the need to get the repair done fast can cause us to lose focus on the inherent risks involved with turning such a personal device over to someone else. This may leave us wondering if and how our privacy is protected when we hand our devices over to third parties.

Currently the US does not have a federal privacy law in place that would cover these questions, so the onus falls on the state legislatures as 'right to repair’ becomes one of the hottest topics in efforts to address competition in the U.S. economy. Proponents of these bills framed as ‘right to repair’ proposals point to the consumer benefit of more choices and access to repair options beyond the device manufacturer and authorized repair centers. Critics however contend that this kind of unfettered access to data from independent and unauthorized repair providers could turn into a treasure trove for bad actors unless it has careful clear guidelines are in place.

Despite these differences, the privacy provisions of bills like the recently enacted New York state Digital Fair Repair Act, can be instructive in allowing consumers to benefit from more repair options, while also knowing the repair provider is held to strong consumer data protection standards. New York’s bill doesn’t require manufacturers to disclose passwords, security codes or other materials that would unlock secure features built into the device, especially when they are not necessary to the repair being performed. Privacy protections like those included in the New York bill, provide extra benefits to consumers by setting reasonable privacy expectations for device repair without restricting a consumer’s ability to repair their device themselves or through a third-party retailer. Debates around a consumer’s “right to repair” devices and equipment will continue, but the right to privacy, security, and safety shouldn’t be up for debate.

Legislators must consider the profound privacy impacts on those users that will be impacted by these bills, especially those marginalized and vulnerable users that may be most impacted or harmed by inadequate privacy protections, such as LGBTQ+ users. These bills should and must include strong consumer protection standards including guardrails on the access to and use of consumer information including passwords, security codes or other materials that would unlock secure features built into the device, especially when they are not necessary to the repair being performed. Policymakers need to consider not just the device itself, but the impact for the human user behind it.

[1] Vision For Inclusion: An LGBT Broadband Future - https://www.lgbttech.org/research [2] Queer Youth Exploring Their Identity, One Webpage at a Time - https://cssp.org/2019/07/queer-youth-exploring-identity-online/ [3] Freedom for All Americans - https://freedomforallamericans.org/states/ [4] NBC News - https://www.nbcnews.com/nbc-out/out-politics-and-policy/100-anti-lgbtq-bills-state-legislatures-2023-far-activists-say-fired-rcna65349