TSCA Reform Center
TSCA Reform Center
Professionals By Name
Professionals By Practice Area
Professionals By Location
Advertising and Promotion
California's Proposition 65
Business Counseling and Transactional
Chemical Control REACH
Employment and Labor
Environmental and Toxic Tort Litigation
Food and Drug
Tobacco and E-Vapor
Health and Safety Compliance Audit
International Regulatory Affairs
Nanotechnology Strategy, Regulation and Defense
Biocidal Products Regulation (BPR)
Privacy and Internet
Product Stewardship, Green Chemistry and Sustainability
Trade and Professional Associations
Workplace Safety and Health
Washington, DC Office
San Francisco Office
News & Events
Summer Associate Program
CPSC to Hold Hearing on Connected Product Hazards
Mar 28, 2018
Following up on comments made by Acting Chairman Ann Marie Buerkle at the February International Consumer Product Health and Safety Officials Organization (ICPHSO) conference about plans for a public forum on connected products, the U.S. Consumer Product Safety Commission (CPSC) will hold a hearing focused on unique challenges and considerations that connected products pose for product safety.
Carefully establishing that the CPSC's remit exclusively involves product safety, and not data privacy or information security, a staff-prepared
(which was approved unamended by the Commission) identifies a number of possible safety-related questions about connected consumer products to be considered at the hearing. They include the following:
What best practices exist to predict hazards?
Should certification to appropriate standards be required before IoT devices can be marketed?
Are there ways CPSC can collaborate with other federal agencies and stakeholders to address potential safety hazards related to IoT?
What steps should be taken to prevent an Internet connection from creating a hazard to consumers after a product's purchase (or lease) and installation?
What role should safety standards or design guidelines play in keeping IoT devices from creating new hazards to consumers? Should these standards be voluntary or mandatory?
CPSC staff also listed some potential product hazards for connected products, including those caused by remote operation, unexpected operating conditions, loss of a safety function, and unforeseen dangers created by a product feature.
The Commission will hold a hearing on the issue on May 16, 2018, at CPSC headquarters in Bethesda, Maryland. Requests to participate are due May 2. Written comments, due June 15, can be sent
CPSC joins several other federal agencies already actively engaged on questions involving connected products.
Federal Trade Commission
(FTC) has jurisdiction over consumer privacy and security under its consumer protection mission, as well as in specific sectors like children's privacy (under the
Children's Online Privacy Protection Act
(COPPA)). Earlier this year, it obtained the
with a manufacturer involving alleged privacy and security lapses with connected toys.
The U.S. Department of Commerce's (DOC)
National Institute of Standards and Technology
(NIST) manages development of the
Framework for Improving Critical Infrastructure Cybersecurity
). While version 1.1 of this Framework is expected to be released in April, its process management-oriented approach is intended to offer both flexibility and a robust method to manage security questions.
DOC's National Telecommunications and Information Administration (NTIA)
Internet Policy Task Force
(IPTF) runs open and transparent multistakeholder processes to develop reports and recommendations on cybersecurity issues, such as the most recent
aimed at addressing the threats posed by botnets. Last year,
in NTIA's process that sought to address these threats using updates and patches to maintain and improve security for connected products.
While most agencies have focused on privacy and data security, the National Highway Traffic Safety Administration (NHTSA) issued voluntary guidance on self-driving cars in its September 2017 report
Automated Driving Systems: A Vision for Safety
The guidance discusses best practices for the testing and safe deployment of Automated Driving Systems and identifies "12 priority safety design elements for consideration, including vehicle cybersecurity, human machine interface, crashworthiness, consumer education and training, and post-crash ADS behavior." Following the recent fatal self-driving car accident in Tempe, Arizona, it has been widely reported that NHTSA and the
National Transportation Safety Board
sent teams to investigate, and both agencies have been in contact with Uber, Volvo, and federal, state, and local authorities concerning the incident.
CPSC should, of course, keep tabs on technology and safety. It has worked with companies on connected product recalls previously, as with the
that could fail to sound an alarm if consumers inadvertently deactivated it. At the same time, there are already a range of agencies that have expertise and jurisdiction when it comes to connected products. It will be important for the CPSC to avoid conflicting with or duplicating other agencies' requirements, since the line between security issues that affect privacy or infrastructure and those that affect safety may not be clear. Additionally, as the field develops, it will be important for CPSC to avoid actions that limit the flexibility to adopt appropriate technology solutions, for example, through adopting proscriptive standards or other requirements. As other agencies' work has shown, discussions through open multistakeholder initiatives can be an effective way of creating process management-oriented guidelines that avoid strangling innovation while creating a disciplined approach. The upcoming hearing may provide an important vehicle to prompt useful ideas.
For more information, contact Sheila A. Millar at
Nathan A. Cardon at
. Subscribe to our blog, the
Consumer Protection Connection
for regular in-depth analysis and updates on important consumer protection developments.
Sheila A. Millar
Nathan A. Cardon
Privacy, Data Security and Digital Media
Join our Mailing List
Updated Privacy and Cookies Policy
© 2018 Keller and Heckman LLP. All rights reserved