The U.S. Consumer Product Safety Commission (CPSC) recently announced that it will hold a hearing on May 16, 2018, to receive information on potential hazards with Internet of Things (IoT) products.
In its public notice, the CPSC explained that the “purpose of the public hearing . . . is to provide interested stakeholders a venue to discuss potential safety hazards created by a consumer product’s connection to IoT or other network-connected devices; the types of hazards (e.g., electrical, thermal, mechanical, chemical) related to the intended, unintended, or foreseeable misuse of consumer products because of an IoT connection; current standards development; industry best practices; and the proper role of the CPSC in addressing potential safety hazards with IoT-related products.” The notice also clarifies that the hearing “will not address personal data security or privacy implications of IoT devices.”
So why does this matter?
The CPSC’s focus on safety hazards associated with IoT devices is notable given the current state of litigation over IoT devices. To date, plaintiffs in IoT product litigation have been unable to bring claims under traditional strict liability product defect theories because strict liability requires personal injury or property damage. See, e.g., Restatement (Second) of Torts § 402A (“One who sells any product in a defective condition unreasonably dangerous to the user or consumer or to his property is subject to liability for physical harm thereby caused to the ultimate user or consumer, or to his property . . . .”).
Instead, plaintiffs have focused on warranty and contract theories based on an alleged diminished value of the product and/or overpayment for the product due to its information security vulnerabilities. See, e.g., In re VTech Data Breach Litig., 2017 WL 2880102, *5 (N.D. Ill. July 5, 2017) (“Plaintiffs allege present injury in the form of benefit-of-the-bargain damages resulting from their breach of contract claim, because the products they received were worth less than the products they were promised.”); Flynn v. FCA USA, LLC, 2016 WL 5341749, *3 (S.D. Ill. Sept. 23, 2016) (Plaintiffs “claim they overpaid for their affected vehicles because the automobiles had defects at the time they were purchased, and they also insist that the defects have caused an appreciable drop in the value of their vehicles on the market.”). Yet, even under these theories, plaintiffs have had mixed results on surviving a motion to dismiss.
So understood, IoT product manufacturers would be wise to keep a close eye on the CPSC’s hearing and its work in this area and to analyze how it could apply to their IoT products. If the CPSC’s efforts identify actual safety hazards associated with IoT devices (and not just theoretical ones), IoT manufacturers can be sure that plaintiffs’ attorneys will be paying attention.