TSCA Reform Center
PackagingLaw.com
About Us
Firm Overview
Pro Bono
PackagingLaw.com
TSCA Reform Center
Sitemap
Our People
Professionals By Name
Professionals By Practice Area
Professionals By Location
practices
Advertising and Promotion
Antitrust
Biotechnology
California's Proposition 65
Business Counseling and Transactional
Chemical Control
Chemical Control REACH
International
TSCA
Employment and Labor
Environmental
Fuels
Environmental and Toxic Tort Litigation
Food and Drug
Food Litigation
Tobacco and E-Vapor
Government Relations
Health and Safety Compliance Audit
Insurance Coverage
Food Litigation
Intellectual Property
International Regulatory Affairs
Litigation
Nanotechnology Strategy, Regulation and Defense
Pesticides
Biocidal Products Regulation (BPR)
Privacy and Internet
Product Safety
Product Stewardship, Green Chemistry and Sustainability
REACH
Telecommunications
Trade and Professional Associations
Transportation
Workplace Safety and Health
Locations
Washington, DC Office
EU Offices
San Francisco Office
Shanghai Office
News & Events
News
Events
Press Releases
Media Contacts
Publications
Your Career
Your Career
Benefits
Firm Management
Our Culture
Professional Development
Recruitment
Summer Associate Program
Diversity
Career Opportunities
Contact Us
CPSC to Hold Hearing on Connected Product Hazards
Date:
Mar 28, 2018
Following up on comments made by Acting Chairman Ann Marie Buerkle at the February International Consumer Product Health and Safety Officials Organization (ICPHSO) conference about plans for a public forum on connected products, the U.S. Consumer Product Safety Commission (CPSC) will hold a hearing focused on unique challenges and considerations that connected products pose for product safety.
Carefully establishing that the CPSC's remit exclusively involves product safety, and not data privacy or information security, a staff-prepared
draft notice
(which was approved unamended by the Commission) identifies a number of possible safety-related questions about connected consumer products to be considered at the hearing. They include the following:
What best practices exist to predict hazards?
Should certification to appropriate standards be required before IoT devices can be marketed?
Are there ways CPSC can collaborate with other federal agencies and stakeholders to address potential safety hazards related to IoT?
What steps should be taken to prevent an Internet connection from creating a hazard to consumers after a product's purchase (or lease) and installation?
What role should safety standards or design guidelines play in keeping IoT devices from creating new hazards to consumers? Should these standards be voluntary or mandatory?
CPSC staff also listed some potential product hazards for connected products, including those caused by remote operation, unexpected operating conditions, loss of a safety function, and unforeseen dangers created by a product feature.
The Commission will hold a hearing on the issue on May 16, 2018, at CPSC headquarters in Bethesda, Maryland. Requests to participate are due May 2. Written comments, due June 15, can be sent
via email
.
CPSC joins several other federal agencies already actively engaged on questions involving connected products.
The
Federal Trade Commission
(FTC) has jurisdiction over consumer privacy and security under its consumer protection mission, as well as in specific sectors like children's privacy (under the
Children's Online Privacy Protection Act
(COPPA)). Earlier this year, it obtained the
first settlement
with a manufacturer involving alleged privacy and security lapses with connected toys.
The U.S. Department of Commerce's (DOC)
National Institute of Standards and Technology
(NIST) manages development of the
Cybersecurity Framework
(technically, the
Framework for Improving Critical Infrastructure Cybersecurity
). While version 1.1 of this Framework is expected to be released in April, its process management-oriented approach is intended to offer both flexibility and a robust method to manage security questions.
DOC's National Telecommunications and Information Administration (NTIA)
Internet Policy Task Force
(IPTF) runs open and transparent multistakeholder processes to develop reports and recommendations on cybersecurity issues, such as the most recent
report
aimed at addressing the threats posed by botnets. Last year,
FTC participated
in NTIA's process that sought to address these threats using updates and patches to maintain and improve security for connected products.
While most agencies have focused on privacy and data security, the National Highway Traffic Safety Administration (NHTSA) issued voluntary guidance on self-driving cars in its September 2017 report
Automated Driving Systems: A Vision for Safety
.
The guidance discusses best practices for the testing and safe deployment of Automated Driving Systems and identifies "12 priority safety design elements for consideration, including vehicle cybersecurity, human machine interface, crashworthiness, consumer education and training, and post-crash ADS behavior." Following the recent fatal self-driving car accident in Tempe, Arizona, it has been widely reported that NHTSA and the
National Transportation Safety Board
sent teams to investigate, and both agencies have been in contact with Uber, Volvo, and federal, state, and local authorities concerning the incident.
CPSC should, of course, keep tabs on technology and safety. It has worked with companies on connected product recalls previously, as with the
smoke detector
that could fail to sound an alarm if consumers inadvertently deactivated it. At the same time, there are already a range of agencies that have expertise and jurisdiction when it comes to connected products. It will be important for the CPSC to avoid conflicting with or duplicating other agencies' requirements, since the line between security issues that affect privacy or infrastructure and those that affect safety may not be clear. Additionally, as the field develops, it will be important for CPSC to avoid actions that limit the flexibility to adopt appropriate technology solutions, for example, through adopting proscriptive standards or other requirements. As other agencies' work has shown, discussions through open multistakeholder initiatives can be an effective way of creating process management-oriented guidelines that avoid strangling innovation while creating a disciplined approach. The upcoming hearing may provide an important vehicle to prompt useful ideas.
For more information, contact Sheila A. Millar at
millar@khlaw.com
or
+1 202.434.4143
or
Nathan A. Cardon at
cardon@khlaw.com
or
+1 202.434.4254
. Subscribe to our blog, the
Consumer Protection Connection
for regular in-depth analysis and updates on important consumer protection developments.
People
practices
Partners
Sheila A. Millar
Associates
Nathan A. Cardon
Privacy, Data Security and Digital Media
Product Safety