Product liability and the internet of things
UK product liability law (derived from the Consumer Protection Act 1987 (CPA) which in turn incorporated into UK law EU Directive 85/374/EEC (the Directive)) is now over thirty years old. Putting that into context, the CPA was enacted over a decade before the internet was beginning to see mainstream use and at a time when the Sony Walkman was in its pomp and the Nintendo Game Boy was still to be released.
In the light of the rapid pace of technological development, it is no surprise that in January 2017 the European Commission launched a public consultation to evaluate the Directive and its fitness for purpose.
Internet of Things
One of the key areas of focus for the consultation is the ‘Internet of Things’ (IoT). For the uninitiated, the IoT is the interconnection via the internet of computing devices embedded in everyday objects, enabling them to send and receive data.
Our lives are already littered with examples of IoT technology (more than we would care to admit or perhaps would recognise) such as activity trackers, smart lighting, automated household appliances and self-driving cars. This trend will undoubtedly continue.
A study by the European Commission has predicted that the number of IoT connections within EU member states will rise to almost 6 billion in 2020 from approximately 1.8 billion in 2013. Whilst there are undoubted benefits from these technological advancements (dependent on your perspective) what is evident is that they raise thorny legal issues in areas such as product liability.
Product Liability Issues
If a self-driving car crashed or an automated household device caused a fire, where would liability rest? Under the CPA, liability primarily lies with the producer of the product (including the producers of component parts), any person who has held themselves out as being the producer of the product (such as putting their name on the product) and any person who has imported the product into an EU member state from outside the EU to supply it to another in the course of business.
However, the presence of IoT technology will likely complicate matters. A causal link is required between the defect and the damage it caused, and it may become more difficult to determine whether an IoT device was at fault. There is also a more fundamental question of whether, under the CPA in its current form, software falls within the definition of a product.
Another issue relates to CPA s3(2)(c), which states that one of the relevant factors in determining the safety levels that people are generally entitled to expect is the time when the product was supplied by the producer. If a producer supplies updates to IoT devices, does this mean that the time period for determining safety at supply runs from each and every update? Approaching it from the other angle, would the consumer then be liable for failing to download such updates?
This ongoing relationship between the producer and its device will also raise issues under one of the CPA defences, which provides a producer with a defence if it can prove “that the state of scientific and technical knowledge at the relevant time was not such that a producer of products of the same description as the product in question might be expected to have discovered the defect if it had existed in his products while they were under his control”. For producers who monitor IoT devices, and therefore become aware of defects at a later date, it may be said that the device remains under the producer’s control, effectively obligating continuing updates and continuing exposure to product liability claims.
The big issue which has hit the headlines on a number of occasions is that, since IoT devices are connected to the internet, they are vulnerable to the possibility of hacking. Under the CPA there is a defect if the safety of the product is not such as persons generally are entitled to expect. In relation to hacking, the question will be what level of security are people generally entitled to expect to protect them against hacking? The expectation of safety may vary depending on the market the IoT device operates in.
The UK government is already looking at the issue of self-driving cars through the Vehicle Technology and Aviation Bill (VTAB). In its current form, the VTAB proposes that where an accident is caused by an insured automated vehicle driving itself, the insurer is liable for the accident. If there is no insurance, the owner is liable instead. This is intended to avoid the need for a potentially complex product liability claim for the victim. However, if an accident occurs as a direct result of prohibited alterations to the vehicle’s operation system or failure to install software updates, the insurer can recover from the person responsible, showing recognition that the product may not always be at fault. Additionally, an insurer or owner is not liable to the driver where the accident was caused by the driver allowing the car to drive itself in an inappropriate situation. This brings driver negligence back into focus.
Should the VTAB be enacted, it will provide much-needed clarity in respect of self-driving cars. However, there is still a wealth of other IoT devices which continue to raise product liability issues for both producers and consumers, meaning that this area of law still has plenty of room for development (even before you throw Brexit into the pot), and the response to the public consultation on the Directive will be very interesting.
This article was written by Jamie Cartwright. For more information please contact Jamie on +4401483252618 or at firstname.lastname@example.org