TSCA Reform Center
TSCA Reform Center
Professionals By Name
Professionals By Practice Area
Professionals By Location
Advertising and Promotion
California's Proposition 65
Business Counseling and Transactional
Chemical Control REACH
Employment and Labor
Environmental and Toxic Tort Litigation
Food and Drug
Tobacco and E-Vapor
Health and Safety Compliance Audit
International Regulatory Affairs
Nanotechnology Strategy, Regulation and Defense
Biocidal Products Regulation (BPR)
Privacy and Internet
Product Stewardship, Green Chemistry and Sustainability
Trade and Professional Associations
Workplace Safety and Health
Washington, DC Office
San Francisco Office
News & Events
Summer Associate Program
FTC Staff Submits Comment to CPSC on Potential IoT Safety Hazards
Jun 20, 2018
The Consumer Product Safety Commission (CPSC) held a public hearing on May 16,
on the potential safety risks and hazards related to connected consumer products and requested comments on the topic by June 15
CPSC noted in its request for comments that its remit does not extend to the risks associated with personal data security and privacy. The event ended with a call for interested parties to also address issues raised at the hearing. On June 15,
of the Federal Trade Commission's (FTC) Bureau of Consumer Protection (BCP) submitted a comment that reiterated the FTC's expertise and jurisdiction over IoT information privacy and security issues. The FTC comments also noted that IoT products could pose both physical hazards, such as burns and chemical exposure, as well as technological hazards "associated with the loss of critical safety function, loss of connectivity, or degradation of data integrity," saying that the CPSC could play a helpful role in mitigating these risks.
The BCP staff comment focused on three aspects for the CPSC to consider in evaluating its role: What are some best practices for predicting and mitigating against safety hazards? How can the CPSC encourage consumers to register for safety alerts and recall information? What is the appropriate role of government in IoT security?
BCP staff suggested that the CPSC consider the following in assessing a possible regulatory approach to IoT:
Consider how companies might provide consumers with the opportunity to sign up
regarding safety notifications and recalls for IoT devices;
To the extent the CPSC considers regulating IoT devices, CPSC's approach should be technology-neutral and sufficiently flexible to avoid becoming obsolete as technology changes;
To the extent that the CPSC considers certification requirements for IoT devices, the CPSC should consider requiring manufacturers to publicly set forth the standard to which they adhere to improve transparency and provide consumers with better information with which to assess the safety and security of their devices.
Staff also reiterated FTC
to IoT companies on how to predict and mitigate against information privacy and security risks
evaluating risk, the FTC notes that "there is no "
fits all" approach to securing IoT devices. Reasonable security will depend on a variety of factors including the magnitude of potential risks, the likelihood of such risks, and
of low-cost tools to address the risks." These comments recognize that mandatory standards and certifications risk freezing technology and undermining a sound risk-based approach.
, it is important for all agencies to keep abreast of technology and safety issues related to IoT products. Since the FTC and other agencies have years of expertise and jurisdiction over privacy and data security, it will be important for agencies to coordinate and collaborate, focusing on their respective areas of expertise. The FTC is the lead agency on information security. It makes sense for the CPSC to focus on situations where connected product security flaws implicate physical safety in the operation of the product rather than information privacy and security questions.
For more information, contact Sheila A. Millar at
or +1 202.434.4143
Subscribe to our blog, the Consumer Protection Connection for regular in-depth analysis and updates on important consumer protection developments.
Sheila A. Millar
Join our Mailing List
Updated Privacy and Cookies Policy
© 2018 Keller and Heckman LLP. All rights reserved