A partner at Venable LLP discusses the dilemma between the speed at which new technology enters the market and the pace at which the U.S. Consumer Product Safety Commission operates.
By Heather Capell Bramble
New consumer products increasingly leverage emerging technology, such as virtual and augmented reality (AR/VR), artificial intelligence (AI), robotics, high-energy-density power supplies, nanotechnology, Internet of Things (IoT) smart technology, and e-commerce. Innovative “smart products,” such as wearable technology and new products that are connected to the internet, understandably excite and entice consumers. For regulators, however, they pose interesting opportunities to make consumers safer and product recalls more effective; for consumers they can create potential serious dangers—some foreseeable, others not.
Enacted in 1972, the Consumer Product Safety Act (CSPA) (15 U.S.C. §§ 2051-2089) created the U.S. Consumer Product Safety Commission (CPSC). The CPSC is an independent executive branch agency whose mission is “keeping consumers safe.” ( See CPSC 2018-2022 Strategic Plan at 5; https://www.cpsc.gov/s3fs-public/CPSC_2018-2022_Strategic_Plan.pdf.) The CPSC reports that “deaths, injuries, and property damage from consumer product incidents cost the nation more than $1 trillion annually” ( https://www.cpsc.gov/About-CPSC). The agency works to prevent and reduce consumer product-related injuries and property damage by reducing physical hazards (e.g., fire, electrical, chemical, or mechanical) from diverse consumer products, such as toys, power tools, cigarette lighters, household chemicals, small and large appliances, infant and children’s products, and electronics.
New innovative technology products present daily challenges for the CPSC. In comparison to other federal government agencies, the CPSC is tiny, with approximately 500 employees and appropriations of only $126 million for fiscal year 2018. ( See https://www.appropriations.senate.gov/imo/media/doc/FY18-OMNI-FSGG-SUM.pdf.) Yet, the CPSC must continuously evaluate whether certain advanced technology and potentially dangerous consumer products must be recalled and whether new policy and guidance related to such products should be issued to the industry stakeholders manufacturing, importing, distributing, and/or selling (often online) these products.
The CPSC is aware of these potential challenges on the horizon. In January 2017, CSPC technical staff issued a report, Potential Hazards Associated with Emerging and Future Technologies (Staff Report), that identified the following potential hazards associated with these future technologies:
Recent headlines further highlight many of the most troubling dangers that may already be here: exploding hover boards and smart phones, the inability to trace dangerous products bought on e-commerce sites, and the hypothetical hacking or network failure scenarios associated with connected products that have already threatened American consumers.
It is not clear that the CPSC has the appropriate statutory tools to carry out its mission when it comes to e-commerce. In response to the widespread recalls of 2007, Congress passed the Consumer Product Safety Improvement Act (CPSIA) (Public Law 110–314, Aug. 14, 2008) in 2008 with bipartisan support. CPSIA reauthorized the CPSC and, among other things, provided the CPSC with additional authority over toys and children’s products; required certain third-party testing for chemicals such as lead and phthalates; directed the CPSC to establish a public reporting tool for consumer product incidents; and increased the CPSC’s authority to bring civil monetary penalties to $15 million per violation. At that time, Congress did not anticipate the eventual widespread use of technology to sell products across jurisdictions and directly to consumers’ homes – or the safety issues associated with this retail technology. Today, customers can buy products directly from China and have them delivered to their doorsteps, with no part of the supply or distribution chain falling under the CPSC’s jurisdiction. Currently the CPSC only requires manufacturers, importers, distributors, and retailers of consumer products to report consumer product safety incidents to the CPSC or to implement a product recall if necessary. ( See CPSA Section 15(b) and 16 CFR Part 1115.24.) The definitions of manufacturers, retailers, distributors, and imports do not include third-party platform sellers that never take control of an actual imported product but merely provide a platform through which to sell such products.
When consumers order directly from an overseas manufacturer, catching non-compliant products at the border is almost impossible. One- or two-item direct purchases of a product are often classified as “samples,” and thus U.S. Customs and Border Protection will not examine them, allowing potentially hazardous or untested products to reach the consumer. ( See Staff Report at p. 3.) Consumers utilizing these direct-to-consumer e-commerce sites have no way of knowing that their purchases are not receiving the same compliance and enforcement oversight as those that enter the U.S. in bulk lot shipments.
The CPSC is taking some initial steps to try and tackle this unique challenge. The CPSC’s most recent strategic plan specifically references e-commerce and third-party platform providers. In Strategic Goal 3, “[a]ddressing trends in retailing and e-commerce, such as the prevalence of online sellers or other direct manufacturer-to-consumer marketing, as well as sales through third party platform providers” is a high-priority focus. ( See CPSC 2018-2022 Strategic Plan at p. 30; https://www.cpsc.gov/s3fs-public/CPSC_2018-2022_Strategic_Plan.pdf.) It also includes a specific Strategic Initiative for Performance Goal 3.1.1, which directs CPSC staff to “[d]etermine the feasibility of implementing an e-filing process for manufacturers, importers, retailers, distributors, and third-party platform providers to submit incident data and/or Section 15(b) reports.” ( SeeId. at p. 32; https://www.cpsc.gov/s3fs-public/CPSC_2018-2022_Strategic_Plan.pdf.) These projects show that the CPSC acknowledges that it must figure out ways to engage with e-commerce and third-party platform providers. If they are successful, they can leverage these relationships if (and when) dangerous products must be recalled, and such products are being sold on these sites. The ability to contact customers through email and texting services in connection with specific purchases from those sites will help the CPSC improve its recall effectiveness rates.
The e-commerce issue was further discussed at the CPSC’s Recall Effectiveness Workshop (“the Workshop”) in July 2017. ( See CPSC Recall Effectiveness Workshop Report at https://www.cpsc.gov/s3fs-public/Recall_Effectiveness_Workshop_Report-2018.pdf?R1VyLltrl8M__id.2vkAklHoUZjaSCab; CPSC Recall Effectiveness Workshop, CPSC in cooperation with stakeholders Consolidated Discussion Notes at https://www.cpsc.gov/s3fs-public/Recall_Effectiveness_Workshop-Consolidated%20Notes_2018.pdf?YO6tPh4HWNRuwHSdi2nSVrz3DpbrGEG2; and CPSC Recall Effectiveness Workshop Transcripts at https://www.cpsc.gov/s3fs-public/Recall_Effectiveness_Workshop-Transcripts-2018.pdf?DANfPWVdXLz6jk.lAn9rzT3dX6ZQXQa0.) At the Workshop, stakeholders identified ways in which e-commerce sites can make recalls more effective. Examples included easy online product registration on e-commerce sites, direct notification about recalls to consumers from trusted e-commerce sites, and the ability to provide direct online incentives (credits or coupons) for registering a product or participating in a recall with the e-commerce site. ( See Note on Technological Advances to Improve Recall Effectiveness at https://www.cpsc.gov/s3fs-public/Recall_Effectiveness_Workshop-Consolidated%20Notes_2018.pdf?YO6tPh4HWNRuwHSdi2nSVrz3DpbrGEG2.)
As recently as Friday, May 4, 2018, Acting Chairwoman Buerkly joined leaders from Health Canada and the Consumer Protection Federal Agency of Mexico (PROFECO) to discuss the cross-border consequences of e-commerce at the North American Product Safety Summit (“the Safety Summit”) in Bethesda, Maryland. E-commerce companies that have technological solutions to these issues will find the CPSC eager to partner with them. Any e-commerce providers that choose to avoid engaging with the CPSC may do so at their own risk. Eventually, they may be caught unprepared if the CPSC decides to issue interpretive guidance on these issues, especially if they are caught in the middle of a serious and significant recall of a dangerous product sold on their e-commerce site.
Robotics, AI, and VR/AR are being used in thousands of new and improved consumer products, from video games to eyeglasses and vacuum cleaners and beyond. All of these advanced products present potential new hazards. Robots, AI, and AR/VR can lead to fires, electrocution, and shock hazards, as well as contusions, falls, and trips. The CPSC is actively looking at these products when it comes to both potential recalls and stakeholder guidance.
The CPSC relies heavily on the current voluntary standards organizations to provide minimum standards for these emerging products. Currently, there are many different standards across the globe for different aspects of these technologies (e.g., UL, ASTM, ANSI, ISO, and IEEE), and the CPSC will be watching (and participating) as those standards develop further. Industry stakeholders developing and selling this technology should participate in the various standards work taking place to ensure they are aware of any upcoming requirements. ( See Staff Report at pp. 10, 11, and 14.)
High-energy-density batteries, such as lithium-ion batteries, are the one potentially dangerous technology-related product that almost everyone knows. As the demand to make batteries and accompanying chargers smaller, faster, and more powerful increases and more products contain lithium-ion batteries, inconsistent and unreliable battery safety will continue to be an issue. A quick review of recent CPSC recalls shows that since January 2018, there have been at least six recalls involving high-energy-density batteries and chargers.
In February 2018, CPSC technical staff issued a Status Report on High Energy Density Batteries Project (“the Battery Report”) ( https://www.cpsc.gov/s3fs-public/High_Energy_Density_Batteries_Status_Report_2_12_18.pdf?UksG80UJqGY0q4pfVBkbCuUQ5sNHqtwO). The CPSC staff continues to actively work on battery issues. Currently, CPSC staff participates in approximately 11 voluntary standards activities (ASTM, ANSI, UL, IEEE, and ISO) related to batteries in consumer products. CPSC is also a founding member of the Lithium Battery Inter-Agency Coordination Group (LBIACG), which was formed in fall 2016 to improve cross-agency communications on battery safety issues. The Battery Report outlines all of the projects the CPSC is pursuing in various capacities to work with industry stakeholders to ensure that high-energy-density batteries are safe for consumer use. Most recently, the CPSC, Health Canada, and PROFECO spent an entire session at the May 4 Safety Summit discussing developments in standards and cross-border enforcement related to lithium-ion batteries and their joint safety concerns.
Nanotechnology is the science of using materials of infinitesimal size—on a scale of approximately 1–100 nanometers (nm). Nanomaterials often have unique optical, electronic, physical, chemical, or mechanical properties. Much is unknown about these materials and their impact on consumers resulting from exposure after use of consumer products containing such nanomaterials.
CPSC works on various collaborative activities with the U.S. federal government’s National Nanotechnology Initiative. ( See www.Nano.gov.) It is important to note that the CPSC is the only agency with mission responsibility for addressing unreasonable risks associated with human exposure to nanotechnology in consumer products. As such, they are currently cooperating and collaborating with other agencies and organizations to develop appropriate and “robust test methods to determine and characterize human exposure to nanomaterials from consumer products.” ( See Strategic Plan at 26.)
These days, so-called smart products, consumer items that connect or otherwise leverage IoT technology, receive the most attention in the popular press. Government agencies such as the Federal Trade Commission (FTC), Federal Communications Commission (FCC), Food and Drug Administration (FDA), and National Institute of Standards and Technology (NIST) have also been highly focused on assessing the safety of these products. Finally, the CPSC has prioritized IoT technology and products safety. On May 16, 2018, the CPSC held a public hearing dedicated to IoT and consumer product hazards (“the IoT Hearing”). ( See 83 FR 13122-24, March 27, 2018, https://www.federalregister.gov/documents/2018/03/27/2018-06067/the-internet-of-things-and-consumer-product-hazards. (FR Notice) and https://www.youtube.com/watch?v=7RdbpJ_eD98&app=desktop.)
Previously, CPSC previously voiced some concerns about the harm IoT technology and smart products may cause to consumers. In February 2018 at both the International Consumer Product Safety and Health Organization’s (ICPHSO) Annual Symposium and the New York Toy Fair, Acting Chairwoman Buerkle emphasized the CPSC’s commitment to working with CPSC stakeholders find solutions to the potential hazards that connected products pose to the marketplace.
The CPSC IoT Hearing presented an opportunity for all stakeholders to help shape CPSC’s policy related to IoT and smart technology products. For companies that sell, manufacture, or import consumer products connected to the Internet, the CPSC requested direct input. CPSC explained its concerns related to consumer products with IoT capability in two categories in the FR Notice:
Hazardization can result from remote operation of the product, unexpected operating conditions, loss of a safety function, or an intended product capability failure. CPSC explicitly stated that it did not “consider personal data security and privacy issues related to IoT devices to be consumer product hazards” under the CPSC’s current framework (83 FR at 13123). The CPSC realized that stakeholders may, however, have information on how data security and privacy issues cross over into product safety issues in certain circumstances, such as when the absence of data security makes a device prone to hazardization. The CPSC focused on the prevention of these problems and published an extensive list of questions addressing IoT and connected consumer product issues on which it would like stakeholder input in the FR Notice. The questions included:
Because IoT technology involves many new stakeholders, input from all parties is important. Thirteen diverse stakeholders presented at the CPSC’s IoT Hearing. Of the thirteen presenters, there were three representatives of consumer organizations, one academic, one security expert and researcher, one representative from a testing lab coalition, one representative from a testing and voluntary consensus standards organization, two representatives from international interests, and three representatives from industry trade associations or coalitions. As expected, the presenters all advocated for their individual agendas. But just as interesting as who attended and presented at the hearing was who was absent: coders, software designers, and app developers who create and transform the new technologies and devices under discussion. Such voices are clearly necessary in order for the CPSC to take next steps in this process and emerging hazard space. The absence of this expertise was palpable. Many of the presenters referenced potential solutions and proposed voluntary consensus standards that would be applicable to the work done by coders, software designers, and app developers. Unfortunately, none of the presenters were coders, software designers, or app developers. As a follow-up to the IoT Hearing, the CPSC should reach out directly to organizations such as Association of Software Professionals, The App Association, and Application Developers Alliance for comments on IoT and product safety.
Additionally, the FTC, FDA, FCC, NIST, National Highway Transportation and Safety Administration (NHTSA), National Telecommunications and Information Administration (NTIA), state agencies, and others are discussing their own policies regarding connected devices and smart technology. As explained by certain presenters at the hearing, NIST has been working for years to develop the Cybersecurity Framework. ( See https://www.nist.gov/cyberframework.) Presenters also discussed how the FDA is doing work in this space. A quick search of the FDA’s website shows that at https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm, FDA aggregates all of its cybersecurity-related guidance and ongoing work with stakeholders on IoT technology. The FTC has been routinely opining on privacy and related issues as they relate to connected and smart products. In February 2018 FTC Commissioners Ohlhausen and McSweeny published Mobile Security Updates: Understanding the Issues ( FTC Commission Report). The FCC and NHSTA have also begun to weigh in on this space as well. For example, in September 2017, NHTSA issued Automated Driving Systems 2.0, A Vision for Safety ( see https://www.nhtsa.gov/sites/nhtsa.dot.gov/files/documents/13069a-ads2.0_090617_v9a_tag.pdf) and in January 2017, FCC’s Public Safety & Homeland Security Bureau published a White Paper on Cybersecurity Risk Reduction ( see http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0118/DOC-343096A1.pdf). Yet, none of these agencies were present at the IoT Hearing. Again, the CPSC should reach out directly to these agencies to solicit comments on IoT and related issues so that any future actions are well informed and consistent with overall government objectives.
Furthermore, it seemed clear that the CPSC Commissioners were not familiar with ongoing work by these sister agencies relating to the Internet of Things. At one point in the hearing, there was a discussion about an Interagency Task Force specifically related to security and IoT technology. One presenter advocated for the creation of such an Interagency Task Force on these issues. And another presenter explained that such a task force may already exist. ( See https://www.ntia.doc.gov/category/internet-policy-task-force for a possible explanation of the referred to task force, yet it does not include the FTC or CPSC.) It was unclear whether some or all of the Commissioners were aware of the task force or knew if technical staff from the CPSC were on such a task force. The IoT Hearing highlighted that the CPSC has much work to do to understand the current state of IoT technology, including assessing what government work is occurring at this time that may impact consumer product safety.
Despite the lack of robust participation, the IoT Hearing was still a first, great step for the CPSC into this uncharted territory. As was discussed at various points during the hearing, when it comes to IoT technology, the CPSC is the only agency with the authority to recall a dangerous or defective connected “consumer product” or related program application. It needs to become educated and fluent in this space.
The hearing testimony generally touched on many of the issues in the CPSC’s Federal Register notice. The bulk of the discussion centered on a few key categories: voluntary standards; mandatory regulation; potential government guidance documents; international issues; safety benefits; and security vs. privacy vs. safety. The consumer-focused presenters all advocated for the CPSC to engage directly on this issue by gaining expertise, participating in voluntary standards work, joining an interagency task force, and beginning to work on mandatory standards. The representatives from the international community presented the OECD’s recent report, Consumer Product Safety in the Internet of Things ( OECD Digital Economy Papers, No. 267, OECD Publishing, Paris, 2018, http://dx.doi.org/10.1787/7c45fa66-en) and urged the CPSC to engage with the global community as it moves forward, addressing safety and connected products. The industry trade associations/coalitions and testing representatives presented key information about the current diverse and robust work being done by stakeholders to create effective voluntary standards and certifications for IoT products and technology. All of the CPSC Commissioners appeared interested, engaged, and focused on learning as much as possible from the IoT Hearing. The CPSC seems to want to get this right, but because of its lack of funding and technical expertise, it is going to need industry assistance. The IoT Hearing was a first step.
All eyes will be on the CPSC as it continues to tackle this highly sophisticated and technical product category – connected products. Companies are spending millions (if not billions) of dollars on designing and developing connected products, and creating systems of robust data privacy and security around these products, the network, associated applications, and the performance of the products. What the future holds is yet to be seen. Voluntary standards, product certifications, government-backed guidance documents, and everything else are all still potential approaches to this emerging hazard. What the CPSC decides as it moves forward will determine whether innovation is stifled or incentivized. All stakeholders still have time to submit comments and additional information on this issue until June 15, 2018.
Technological developments these days happen at a frighteningly fast pace. The newest products that debuted at CES2018 this past January are already old news by May. In contrast, the CPSC moves on most issues at the snail’s pace of an administrative government agency—the difference could not be more striking. Emerging technologies, those discussed above and those yet to be announced, will continue to be introduced into consumer products and immediately relied upon by consumers, long before the CPSC has a real understanding of the long- or short-term safety consequences such technology may have. That said, no consumer product or technology is infallible or perfect, and, predictably, acute safety incidents will continue to happen. Manufacturers, importers, and retailers would be wise to anticipate such failures, have appropriate compliance programs in place, and inform the CPSC as soon as necessary when they occur. Choosing not to do so may have disastrous consequences.
Industry should consider itself on notice. If necessary, the CPSC may need to make an example of the first case in which an advanced technology product causes serious harm, injury, or death to consumers and the CPSC was not brought into the situation quickly enough. In the final analysis, Acting Chairwoman Buerkle has been transparent and clear—the time is now for cooperation and collaboration on all of these technology issues with the CPSC. No company or product category should squander the opportunity to get out in front of this issue and engage in a productive relationship with the CPSC. Industry, consumers, and innovation will all be better off as a result of such efforts.
Heather Capell Bramble is a partner in Venable LLP’s Regulatory Practice, where she focuses on advising clients on consumer products, consumer protection, emerging technology, legislative and government affairs, and financial services. Most recently, she served as Chief Counsel to Commissioner Marietta Robinson at the CPSC. In that role, she provided critically important advice and counsel on all proposed consumer product regulations, and mandatory standards, as well as product recalls, administration litigation, and enforcement and settlement agreements, including referrals to the Department of Justice. Bramble is a seasoned senior policy advisor and litigator who has spent 20 years analyzing the various ways laws and regulations affect the markets, individual companies, and consumers. Importantly, she has done so from both sides—as a representative of a federal regulating body and while representing companies and individuals before federal agencies. Previously, Bramble spent significant time in private practice as a litigator, and she began her legal career as a trial attorney in the Division of Enforcement at the U.S. Commodity Futures Trading Commission.
Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)