American businesses are presented with great economic opportunities as connected devices—often referred to as the Internet of Things—quickly become integrated into consumers’ daily lives. However, these opportunities are accompanied by new legal risks; for example, class action lawsuits have alleged that connected products were inadequately secured against cyber threats or violated user privacy. Against this backdrop of increasing opportunity and legal risk, the US Consumer Product Safety Commission (CPSC) held a public hearing on May 16, 2018, to consider potential consumer product hazards posed by connected consumer devices. In this Legal Update, we provide an overview of the CPSC’s regulatory authority and highlight five key topics from the hearing that are likely to inform the CPSC’s approach to consumer product cybersecurity going forward.
