Internet-enabled devices continue to be interwoven into nearly every aspect of society. From the rise of smart cities, to connected utilities, where billions of bits of information are fed into smart grids, the trend in connectivity is accelerating.
The burgeoning use of smart devices, however, brings with it potential exposure to liability. Notably, the wearables sector—that is, the industry encompassing connected gadgets that can be worn by a consumer, such as fitness trackers and health monitors—has been a target of various forms of litigation.
Lessons can be learned from these early litigation matters that can help limit manufacturer exposure in the future.
The wearables sector is unique in the variety of forms of litigation to which it has been subject. Consumer class actions stand at the forefront in this sector—likely due to the accessibility of wearables for average consumers and the relatively small claims that these individual consumers have.
One example is when consumers allege that they have been misled about the features and capabilities of wearable devices. The hodgepodge of potential liability theories in these cases may include breach of express and implied warranties, fraud, and state unfair competition and advertising laws.
These cases highlight the risks that manufacturers may face from consumers about the “smart” features of wearable devices, and the need for clarity and restraint in their communication.
Data Security, Property Damage, Personal Injury Issues
Data security lawsuits are also common in this sector—especially when it comes to GPS tracking, medical, and health monitoring devices. For instance, vulnerabilities in such devices—including lifesaving implantable devices—could leave them open to hacking or failure. In these data security lawsuits, potential theories of liability could include tort theories such as negligence, or breach of warranties, or even liability under consumer protection laws.
Unauthorized access to personal information is also a concern. Recent reports of security flaws in the location tracking features of children’s smartwatches may open up the possibility for consumer harm and resulting data breach suits. These cases demonstrate the potential liability risks of wearable devices that collect or maintain critical, real-time information.
Litigation alleging property damage or personal injury is also seen in the wearables sector. A wearable device may cause damage to items of property separate from the connected device—or to the connected device itself. For instance, component parts of the device—such as batteries—may fail or overheat, causing the device itself to be destroyed.
Personal injury also poses potential risks. In 2019, the Food and Drug Administration issued a warning to health care providers and patients after a vulnerability with implantable defibrillators had been discovered that could have allowed unauthorized users to manipulate the device’s settings. Gone unnoticed, this vulnerability could have resulted in patient injury or even death.
Among the other types of cases in which smart devices may be involved, intellectual property cases are particularly common in the wearables sector. Because wearables often seek to track and collect similar forms of data (e.g., GPS location, heart rate, movement), overlapping technologies may give rise to intellectual property disputes in this sector.
How to Reduce Exposure
In the face of these looming litigation risks, manufacturers in the wearables sector should consider ways to mitigate or reduce their exposure to liability.
- As an initial step, manufacturers should ensure that supply chain contracts include appropriate indemnities, or at a minimum do not leave them responsible for disproportionate liability risks.
- Protocols for patching data systems must be in place. This will enable a manufacturer to swiftly respond to data breach vulnerabilities as they arise.
- Manufacturers should implement strong, robust consumer disclosures regarding their devices. Manufactures should also be conscious of jurisdiction-specific guidance that may require further disclosures, such as Europe’s General Data Protection Regulation or the California Consumer Privacy Act.
- Manufacturers should refrain from collecting data unless such collection is a part of their business model. By consciously choosing to limit the types and volume of data collected and stored, manufacturers may also eliminate unnecessary exposure to liability.
- Planned obsolescence should be a consideration—that is, manufacturers should consider whether it makes good business sense to ensure that out-of-date connected devices are disabled from creating liability risks (e.g., through after-the-fact security holes that may not be patchable in a particular device).
- Manufacturers of wearable devices will need to consider whether the type of device they are placing on the market constitutes a medical device subject to FDA jurisdiction. While fitness bands, common wearable devices, do perform medical-like functions, such as monitoring heart rate, they are generally not subjected to FDA regulation. On the other hand, invasive or implantable smart devices generally would fall under the FDA’s purview. Because the dividing line is not always clear on what constitutes a medical device, manufacturers must remain cognizant of the functions their devices are performing.
By thoroughly reviewing their wearable devices to ensure compliance with existing regulations and implementing the above strategies to respond to changing circumstances, manufacturers can be smart with their own devices.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Mark Raffman is a partner at Goodwin Procter LLP who concentrates his practice on complex product liability and consumer products litigation and advice. He advises on regulatory compliance audits and legislation as well as transactions posing product liability risks.
Briana Whinnie is an attorney in Goodwin’s Litigation Department in Washington, D.C.