The U.S. Consumer Product Safety Commission (CPSC) recently announced that it will hold a hearing on May 16 to receive information on potential hazards concerning Internet of Things (IoT) products. The CPSC also is accepting written comments from interested parties.

In its public notice, the CPSC explained that the "purpose of the public hearing . . . is to provide interested stakeholders a venue to discuss potential safety hazards created by a consumer product's connection to IoT or other network-connected devices; the types of hazards (e.g., electrical, thermal, mechanical, chemical) related to the intended, unintended, or foreseeable misuse of consumer products because of an IoT connection; current standards development; industry best practices; and the proper role of the CPSC in addressing potential safety hazards with IoT-related products." The notice also clarifies that the hearing "will not address personal data security or privacy implications of IoT devices."

The CPSC's focus on safety hazards associated with IoT devices is notable for two reasons. First, much of the focus on IoT products has been on security and privacy risks and not on whether internet connectivity could lead to safety hazards. For example, in January 2015, the Federal Trade Commission issued a staff report titled Internet of Things: Privacy & Security in a Connected World, which discussed the FTC's extensive work on the subject.

Second, the CPSC's focus on safety hazards is notable given the current state of litigation over IoT devices. To date, plaintiffs in IoT product litigation generally have been unable to bring viable claims under traditional strict liability product defect theories because strict liability requires that the product cause personal injury or property damage. In fact, in at least one case, the plaintiffs were adamant that their claims were not based on strict product liability. In re VTech Data Breach Litig., 2017 WL 2880102, *5 (N.D. Ill. July 5, 2017) (Plaintiffs "explicitly argue that their claims are not rooted in products liability or tort law, but rather contract law.").

Instead, plaintiffs have focused on warranty, contract, and consumer fraud theories, claiming that the product was diminished in value and/or they overpaid for it due to its information security vulnerabilities. See, e.g., id. ("Plaintiffs allege present injury in the form of benefit-of-the-bargain damages resulting from their breach of contract claim, because the products they received were worth less than the products they were promised."); Flynn v. FCA USA, LLC, 2016 WL 5341749, *3 (S.D. Ill. Sept. 23, 2016) (Plaintiffs "claim they overpaid for their affected vehicles because the automobiles had defects at the time they were purchased, and they also insist that the defects have caused an appreciable drop in the value of their vehicles on the market.")

Plaintiffs have had mixed results in surviving motions to dismiss.

IoT product manufacturers would be wise to monitor the CPSC's actions in this area and to perform a risk assessment on their IoT products. Any safety hazards identified by the CPSC are likely to be followed in short order by actions on behalf of the plaintiffs' bar.