A New Look At An Old Hot Topic: The Internet Of Things

Thanks to Rachel Bragg, law student at Cumberland School of Law and Summer Associate in our Birmingham office, Summer 2023, for her contributions to this article.

I. Introduction

In 1999, computer scientist Kevin Ashton coined the term "the Internet of Things" ("IoT") in order to put a name to his idea of using RFID¹ chips to track items as they moved throughout a supply chain.² "Though there is no specific definition of IoT, the concept focuses on how computers, sensors and objects interact with each other and collect information relating to their surroundings."³ Fast-forward twenty-four years, and the buzzword phrase now describes an interconnected network of devices ("things") linking various products we use every day. Growing at warp speed, some estimates say 14.3 billion IoT connections existed in 2022, with almost 17 billion predicted by the end of 2023.⁴

For years, attorneys have posed questions about the reach, implications and potential liability of this network, including most prominently:

• What are the privacy concerns that accompany these IoT devices?
• How will traditional products liability law apply to claims regarding these IoT devices?
• How can manufacturers minimize liability before placing IoT devices into the stream of commerce?

As with any other new technology, the legal community anticipated the plaintiffs' bar would bring a deluge of lawsuits featuring creative theories related to IoT devices. Although we have yet to see the "boom" in IoT-specific suits that we expected, we now have a fair sampling based on over twenty years of lawsuits, technological developments and analysis to review as we look towards the future of litigation in this area.

With the benefit of some amount of hindsight, how can we proactively identify issues arising with IoT devices and data, minimizing liability for manufacturers? How can we, after a lawsuit has been filed, creatively and successfully navigate the IoT legal waters? This article provides practice pointers for reducing the likelihood of lawsuits and for limiting exposure when those lawsuits inevitably arise.

II. Pre-Suit Practice Pointers

Benjamin Franklin famously advised that an ounce of prevention is worth a pound of cure.⁵ This is certainly true in the case of minimizing liability before a product reaches a consumer. In the spirit of prevention, what follows are practice pointers for minimizing liability with consumers, competitors, other companies in the supply chain and the government.

A. Set Expectations with Consumers

"The distinguishing feature of today's Internet-connected devices is a continuing relationship between the product and the manufacturer."⁶ IoT products are more likely to involve post-sale interactions and "communication" (including data sharing and use) between the manufacturers and consumers, distinguishing them from many traditional products. Effective communication is key in any relationship, and the ongoing relationship between a consumer and a manufacturer of an IoT device is no exception.

1. Marketing communications about the data that IoT devices collect should be clear, easily accessible and regularly updated alongside any software updates.
2. Terms and conditions, licensing agreements, and any applicable warnings should be transmitted in such a way as to maximize the likelihood that consumers will read them, and to provide a defense to failure to warn claims. Options include clickwrap⁷ and scrollwrap⁸ agreements, warnings on packaging or on products themselves, and written agreements certifying that the consumer has read and understood the agreement.
3. Manufacturers should clearly communicate what data they collect, how they use that data and who they will share that data with. This information should be communicated on the front end and should also be made easily accessible to purchasers who forget earlier communications or...