February 21, 2019

February 21, 2019

Subscribe to Latest Legal News and Analysis

February 20, 2019

Subscribe to Latest Legal News and Analysis

February 19, 2019

Subscribe to Latest Legal News and Analysis

CPSC Commissioner Elliot Kaye Issues Statement Providing a Framework of Safety for the Internet of Things

In recent years, the U.S. Consumer Product Safety Commission (CPSC) has begun to grapple with the effects of the Internet of Things (IoT) on consumer product safety. In May 2018, the CPSC held its first public hearing regarding IoT devices, during which the agency sought to jump-start a conversation on the appropriate framework for consumer product safety practices and IoT devices. In an effort to carry on this conversation, Commissioner Elliot Kaye recently released a framework, which he co-authored with his Senior Science and Policy Advisor, Dr. Jonathan Midgett, that provides an “overview of technology-neutral best practices to ensure consumer product safety in the design and deployment of devices, software, and systems used with the Internet-connected consumer products.” This framework should prove useful to consumer product companies as they navigate the burgeoning world of IoT devices.

For those readers unfamiliar with the topic, IoT is typically defined as a group of devices that have internet connectivity which enables them to communicate and interact with each other and collect data. In recent years, the number of IoT devices has expanded exponentially to include everyday devices such as home appliances, fitness wearables, and children’s toys. While these devices have many tangible benefits to consumers, they present their own set of risks to product safety. For example, what if a software update to a connected product goes awry, causing the product to overheat? Or what if malware infects a connected product, causing the product to malfunction? Indeed, the CPSC has already addressed an IoT device defect when the IoT-connected Nest Protect Smoke + CO alarm was recalled in 2014 for having a feature that allowed the user to temporarily but unintentionally silence some alerts or cancel a manual test by vigorously waving an arm near the device.

In an effort to address these new potential risks, Commissioner Kaye and Dr. Midgett published the above-mentioned framework. This framework is not intended to address issues related to personal privacy or data confidentiality, as those topics are the focus of other regulatory agencies such as the Federal Trade Commission and the Federal Communications Commission. Instead, the framework is focused exclusively on consumer product safety.

The framework begins by highlighting the roles and responsibilities of manufacturers and retailers of IoT devices. Both manufacturers and retailers “should anticipate safety concerns as new capabilities are added to the IoT ecosystem” and should have in place safety guidance procedures for both the product development phase and the lifespan of the product. Additionally, the framework recommends that a qualified safety supervisor “be assigned to monitor the development and marketing of each product and product component of an IoT system, including the safety of the software upon which the product relies for functionality.” Such a suggestion is considered a good practice of a robust product safety compliance program, irrespective of IoT devices.

Next, the framework addresses the necessary risk assessment that manufacturers should employ when developing connected devices. Importantly, it states that this risk assessment should be conducted for every product function, software update, and stage of the product’s lifecycle. Among other considerations, this risk assessment should consider:

  • The intended end user of the device, including inexperienced and expert user populations

  • An assessment of all components within the product that operate on the IoT system

  • Unintended consequences of actuation of any type of energy release by users through remote control

  • Unintended interactions of the subject device with other IoT devices

  • Unintended consequences of various types of malfunctions, including failure to load a software updated, data or code corruptions, and unintended activation

  • Unintentional defaulting to non-personalized settings

  • Failure to operate one or more critical safety functions

  • User error or misuse

Once a safety concern is raised through the risk assessment, the framework advises manufacturers to employ effective, feasible countermeasures, such as:

  • Certification of critical components to the appropriate industry standard or rule

  • Warnings and instructions to consumers

  • User authentication and confirmation for activations

  • Back-up systems for sensors or actuators that control safety devices

  • Adequate information about device components so that product updates can be traced throughout the lifespan of the device

Recognizing that certain product types will necessitate added safety measures, the framework ends with providing an extensive list of special product types and their additional considerations. Some of the special product types and additional considerations included in the framework are:

  • Wearable devices: information security and privacy breaches, potential for thermal burns, environmental isolation and potential distraction of users

  • Home security and monitoring devices: information security and privacy breaches, reliability over the product lifespan, loss of connectivity

  • Products connected to inherent hazards, such as stoves, fireplaces, and lawnmowers: accidental activation, intentional remote operation without presence of user, unintentional remote activation

  • Products that respond to hazards, such as fire sprinklers and CO alarms: aging effects, false alarms, unintended activation leading to credibility questions

  • Baby monitors and connected children’s devices: information security and privacy breaches, thermal hazards, strangulation on cords

While this framework is detailed and should prove helpful to the consumer product safety community, Commissioner Kaye and Dr. Midgett emphasize in their framework that it is just the initiation of a necessary conversation about consumer product safety and IoT devices. The Mintz Consumer Product Safety team agrees, as there are other major IoT issues to be addressed by the safety community and the CPSC.

For example, not addressed in the framework is the implications of the separation of the consumer product manufacturer from the actual developer of the IoT technology. This may mean that the party who the CPSC considers as the product manufacturer of the IoT device may actually be a firm relying on a vendor, contractor, and/or subcontractor to develop IoT technology outside of the “manufacturers’” expertise. Because these new third parties will be developing the IoT technology, will they be relied upon for directly interfacing with the product and consumer? This structure will have important implications for how the CPSC monitors IoT devices and who it communicates with when the agency addresses potential product hazards.

Then there are the myriad of CPSC practice and procedure issues. Should remedial software downloads be done unilaterally before receiving the CPSC’s blessing on the remedy? Are public communications such as press releases necessary or even desirable if all customer problems can be repaired directly? How many years does a device’s software have to be supported? If the software is no longer supported but results in a product safety issue, does the manufacturer have to take responsibility for the defect and report/recall in order to remedy the hazardous product?

These issues should be addressed in the near future before cases arise and policies are established by whatever companies are first in line. For now, we thank Commissioner Kaye and Dr. Midgett for taking the next step in the important conversation on IoT devices and consumer product safety.

©1994-2019 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

Charles Samuels, Mintz Levin Law Firm, Washington DC, Tax and Environmental Law Attorney
Member

Chuck is engaged in a federal and international regulatory and legislative practice. He has been extensively involved in product safety, environmental, tax, health care, technology, and energy issues, and public finance legislative and regulatory matters for a variety of trade associations, corporations, local governments, and state agencies.

His practice encompasses work before the US Consumer Product Safety Commission, Departments of State, Health and Human Services, Energy, and Treasury, US Trade Representative, Environmental Protection...

202-434-7311
Matthew Howarse, Consumer Safety, Attorney, Mintz Levin, Law Firm
Member

Matt is a prominent consumer product safety lawyer who advises manufacturers, retailers, importers, distributors, trade associations, and test laboratories. He has extensive experience with compliance, regulatory enforcement, recalls, and other product safety related issues. He represents clients before the Consumer Product Safety Commission (CPSC), Health Canada, the Federal Trade Commission, Congress, and state agencies. Matt draws on his four-year tenure as the CPSC chief of staff and his many years advising clients in private practice to devise practical and resourceful solutions for clients. He serves as Chair of Mintz’s Consumer Product Safety Practice and president-elect of the International Consumer Product Health and Safety Organization (ICPHSO).

Based in Washington, DC, Matt is the Chair of the firm’s Consumer Product Safety Practice. He focuses his practice on consumer product compliance and enforcement issues involving the US Consumer Product Safety Commission (CPSC), individual US states, the Federal Trade Commission, and Health Canada.

Matt previously served as the Chief of Staff of the CPSC from 2010 to 2013 and as the Chairman’s Senior Counsel in 2009. Matt is very involved in the national and international product safety community and currently serves as Vice President on the Board of Directors for the International Consumer Product Health and Safety Organization (ICPHSO).

Matt regularly helps companies seeking representation on product safety reporting obligations, recalls, regulatory compliance, product safety investigations, civil penalties, import investigations, internal compliance programs and training, the CPSC’s public database, and other regulatory and enforcement matters involving the Consumer Product Safety Act (CPSA), Consumer Product Safety Improvement Act (CPSIA), Federal Hazardous Substances Act (FHSA), Flammable Fabrics Act (FFA), Poison Prevention Packaging Act (PPPA), the Canada Consumer Product Safety Act (CCSPA), and other federal and state product safety laws. He assists clients with navigating complex product safety compliance issues and avoiding unwarranted recalls or enforcement actions.

Matt’s experience includes representing manufacturers, distributors, and retailers of apparel, children’s toys, fitness equipment, office supplies, household furniture, juvenile products, power tools, products requiring child resistant packaging, audio video equipment, arts & crafts materials, books, recreational and sporting equipment, safety equipment, hair care tools, kitchen appliances, lighters, candles, heating and cooling equipment, home decorations, promotional products, household cleaners, and many other types of consumer products. Matt also advises trade associations, testing laboratories, and various other types of clients on product safety issues and represents them before product safety regulators and Congress.

With over 10 years of experience in product safety, including the representation of a wide range of consumer product industries and working in a senior leadership position at the CPSC, Matt is able to provide well rounded, efficient, and thorough advice on the full spectrum of product safety issues.

202-434-7446
Associate

Evelyn focuses her practice on regulatory and compliance matters involving the Consumer Product Safety Act (CPSA) and other federal and state product safety laws. She helps companies seeking representation on product safety reporting obligations, product safety investigations, recalls, and other regulatory and enforcement matters. Evelyn also engages in trade association representation and has an antitrust practice in which she advises on many aspects of antitrust law, including merger review and private antitrust litigation.

Prior to joining Mintz, Evelyn was a litigation associate...

1.202.434.7369