Jan 5, 201712:35 PMLegal Login
with Mindi Giftos and Andrew Schlidt
Don’t brush off the legal considerations of the ‘smartification’ of consumer products
(page 1 of 2)
This holiday, my siblings and I received a very nice gift from our sister, a dentist. It was an electronic toothbrush with multiple sensors that collect data related to the usage of the toothbrush. The sensors then send the measurements they obtain to a smartphone, which tracks the individual’s particular usage of the toothbrush. My sister asked us to test the product to see if she should recommend it to her patients. As a technology lawyer who concentrates on the Internet of Things (“IoT”), it was a stark reminder that the IoT is here and is beginning to more pervasively intertwine into the daily fabric of our lives.
As I inspected the product, my lawyer brain started to identify the legal issues involved with offering even a simple “smart” device, such as this electronic toothbrush. It became quickly evident that the IoT and “smartification” of consumer electronics will involve the intersection and coordination of multiple legal specialties, including at least the following:
- Patents: In many cases, the incorporation of sensors into the operation and functionality of an existing device, like a toothbrush, may qualify for patent protection. In addition, before launching a new “smart” product, it would be beneficial to clear the product through a freedom-to-operate prior art search in order to reduce the risk of a patent infringement claim.
- Technology transfer/co-development/licensing agreements: Most consumer goods manufacturers do not have proprietary sensor or communication technology/components that can be implemented into their products to allow for the collection and transfer of usage data. Thus, the smart device manufacturer must often license and/or co-develop necessary sensor and communication components that optimally fit into and support the operation of the smart device. Ownership and usage rights in this technology and any future developments must be established contractually so that each party’s interests are defined and protected.
- Software/copyright: Most consumer goods manufacturers are not also software companies. Therefore, third-party software/application developers often build the internal firmware and mobile applications that control and monitor the operation of the smart device. Thus, an agreement that defines the deliverables and assigns ownership of such deliverables to the manufacturer or service provider is important for protecting the manufacturer’s investment in the software components of the smart device and system.
- E-commerce: Like many smart devices, one feature of the smart toothbrush is to monitor the wear of the toothbrush head and notify the user when a new brush head is needed. The smartphone application has the ability to automatically purchase replacement brush heads when needed or, alternatively, allows the user to purchase replacement brush heads manually through the application. Having e-commerce components in the smart device require defining the terms that govern the transaction in order to avoid risk exposure under default commercial terms.
- Data privacy: Because the toothbrush and application collect data related to the usage of the device, the manufacturer is required to categorize the information and must also notify the user about what information is being collected and how it is being used. Personal care devices, like this toothbrush, may allow users to input medical conditions or identify problem areas. In some cases, the collection and storage of this information may be considered “personal health information” and could be governed by HIPAA. Moreover, if the smart system provides the ability to automatically purchase failing or worn out components, then data privacy obligations related to the collection and storage of financial information must also be considered.
- Data security: The device manufacturer must also set up a data infrastructure to store the collected information and implement necessary security procedures based upon the type of information that is being collected. Sensitive personal information, personal health information, and financial information all require a higher standard of care than just basic contact information. However, any data breach can quickly become a black eye on a manufacturer and can result in the loss of customers. Thus, a good data security policy and diligent adherence to that policy must also be implemented.