The Internet of Things (“IoT”) is a broad and relatively new concept.1 The IoT includes smart appliances that track usage and status, cell phones and tablets, a person with a heart monitor implant, a pet with a microchip, a car with built-in tire pressure and blind spot sensors, smart speakers that respond to voice commands, fitness trackers, and many other devices.2 If a product can be connected to the internet, it can become an IoT device. 3
Generally, products liability law provides that a product manufacturer, supplier, distributor, or retailer can be held liable if a defective product reaches the hands of a consumer and the defect causes personal injury or property damage.4 Product liability claims are based on state law and can be pursued under negligence, strict liability, or breach of warranty theories.5 A prima facia case in any strict products liability action has the following elements: (1) the defendant sells a product that the plaintiff uses; (2) the defendant is the commercial seller of such a product; (3) the plaintiff suffers an injury; (4) when the defendant sold the item, the item was defective; and (5) the defect was an actual and proximate cause of the plaintiff’s injury. 6 Although the majority of jurisdictions require these four basic elements be met, there are differing analysis dependent on whether the state adopts the Restatement (Second) of Torts (1965) 7 or Restatement (Third) of Torts (1998). 8
There are three primary categories of product defects that give rise to an actionable strict products liability claim: manufacturing defects; design defects; and defective or inadequate warnings.9 Manufacturing defects occur during the manufacturing or production of the item.10 Design defects exist before the product is manufactured and result from a design flaw making the product unreasonably dangerous for consumers to use.11 Lastly, defective warnings are caused by improper instructions and failures to warn consumers of latent dangers in the product.12 Due to the nature of IoT devices, it is likely that the majority of strict product liability claims for IoT devices will be brought under a design defect theory.13 IoT products are relatively new and courts have yet to apply traditional product liability law to these new technologies. This has created uncertainty as to how products liability doctrines apply to internet connected products.
Policy Reasons for Strict Products Liability
The primary goal of products liability law is to compensate parties injured by defective products and place the burden on the party best able to prevent injury.14 Because product manufacturers can better anticipate hazards and guard against them than the general public, the court shifts the burden of preventing injury to the manufacturer and seller.15 These parties can additionally insure against residual losses and pass on insurance costs to purchasers as part of the price paid. 16 However, under a negligence theory, the victim would be stuck bearing this burden along with the cost of insuring against residual accident losses, the cost of injury, and loss of time.17 Instead, strict products liability best reflects the legitimate public interest goal of discouraging companies from creating and marketing products with defects beyond mere negligence and placing liability on the manufacturer—the one responsible for the defective products entering the market. 18
The Economic Loss Doctrine May Prevent Claims
A separate issue arises if the only damage is to the product itself. Once the court decides whether the software in the IoT device is a product, the court must then decide whether the software is a component part or an integral part of the larger product. The economic loss doctrine applies if the damage resulting from the defect is to the product itself and the damage is not actionable under a strict products liability theory. 35 In Golden Spread Coop., Inc., an electric cooperative brought a strict products liability action against a contractor for damage to a turbine caused by an error in the control system’s software. 36 The court held that when “only the product itself is damaged, such damage constitutes economic loss and the only recoverable damages are for breach of an implied warranty.” 37 Because the software was an integral part of the turbine’s operation, and “without one the other serves little or no purpose,” damage resulting from the software does not constitute damage to “other property” separate from the product itself and is therefore not actionable under strict liability due to the pure economic loss doctrine. 38
Expert Testimony is Required in IoT Device Cases
Typically, not all product liability cases require expert testimony to establish fault and prove that the product was defective or unreasonably dangerous. However, courts have held that expert testimony is needed in products liability cases with IoT devices. In Graves, parents brought suit for the death of their child against the manufacturer of a monitor, which tracked their premature baby’s breathing and heart rate. 39 The court stated that one cannot draw an inference of a defect from the mere fact a product failed and instead evidence is required.40 The court held that the design and structure of computer software was beyond the ordinary understanding and experience of laymen. 41 Therefore, the plaintiffs were required to support their allegations with expert testimony because the claim involved complex issues of computer science. 42
Recommendations and Conclusion
Despite the challenges and unique circumstances mentioned above, liability for defective IoT devices can be assessed in a similar manner as other product defects under a strict product liability theory. Based on the policy concerns behind strict products liability, courts should extend the existing products liability framework to IoT devices to achieve the most equitable result. 43 In addition, state legislatures should put regulations on IoT manufacturers to limit their liability and prevent damage. Manufacturers should not set unreasonable expectations for consumers during advertising and sales that indicate their devices will be free from error. 44 If the IoT device software requires an update, the manufacturer should alert end-users. 45 To prevent security breaches, manufacturers should communicate critical security information to the end-users in a timely manner as well as precautions they should take. 46 Lastly, IoT device manufacturers and software creators should specify the allocation of liability for potential software defects in IoT devices.47
Ambiguity as to Whether Software is Considered a Product/Good or Service
Traditional products liability principles apply well to IoT devices when the device itself malfunctions.19 However IoT devices contain a unique item that adds an additional layer of complexity to a product liability analysis: software.20 If the defect is in the physical object of the device, the manufacturer can be held strictly liable. But if the defect is in the software, courts have not clearly indicated whether software is a product for purposes of strict products liability. 21 IoT devices require additional determinations: whether the software was the source of the product’s defect and if so, how liability for a defect will be allocated between the device manufacturer and the software supplier.22 This unique aspect of IoT devices presents an issue for the application of strict products liability doctrines: whether software is a product or whether the software in a larger product is a component part.
The question of whether software and digital items are considered products is important because products liability only applies to products, not services. 23 A “product” is defined under the Restatement (Third) of Torts as a “tangible personal property distributed commercially for use or consumption.” 24 The Restatement does not consider services to be products.25 Unlike other component parts of IoT devices, because software is not a tangible “manufactured product,” a court might find that a strict products liability theory is not applicable for software errors in IoT devices. 26 Unfortunately, the question of whether an IoT device software is a product for strict liability purposes has not been addressed by the courts. “While many courts have applied contract law in software related cases under the Uniform Commercial Code (UCC), software manufacturers have not [always] been found strictly liable for software defects based on tort product liability theories.” 27 Under the UCC, courts typically treat custom-made software, like that in IoT devices, as a service rather than a good.28 Because of this, most observers predict that courts will treat the software in IoT devices as a service rather than a product. 29 As a result, strict products liability has often been found to not apply to the designers, manufacturers, and/or retailers of digital products.30
However, there have been exceptions to this general rule depending on the jurisdiction. 31 In In re Toyota Motor Corp. the plaintiffs filed a lawsuit arising out of a car crash which resulted from an alleged defect in the vehicle’s braking software.32 The plaintiff offered evidence regarding at least two available alternative designs that were desirable, feasible, and not cost-prohibitive.33 The court allowed this claim to proceed to the jury under a strict design defect theory of liability.34
The Economic Loss Doctrine May Prevent Claims
A separate issue arises if the only damage is to the product itself. Once the court decides whether the software in the IoT device is a product, the court must then decide whether the software is a component part or an integral part of the larger product. The economic loss doctrine applies if the damage resulting from the defect is to the product itself and the damage is not actionable under a strict products liability theory. 35 In Golden Spread Coop., Inc., an electric cooperative brought a strict products liability action against a contractor for damage to a turbine caused by an error in the control system’s software. 36 The court held that when “only the product itself is damaged, such damage constitutes economic loss and the only recoverable damages are for breach of an implied warranty.” 37 Because the software was an integral part of the turbine’s operation, and “without one the other serves little or no purpose,” damage resulting from the software does not constitute damage to “other property” separate from the product itself and is therefore not actionable under strict liability due to the pure economic loss doctrine. 38
Expert Testimony is Required in IoT Device Cases
Typically, not all product liability cases require expert testimony to establish fault and prove that the product was defective or unreasonably dangerous. However, courts have held that expert testimony is needed in products liability cases with IoT devices. In Graves, parents brought suit for the death of their child against the manufacturer of a monitor, which tracked their premature baby’s breathing and heart rate. 39 The court stated that one cannot draw an inference of a defect from the mere fact a product failed and instead evidence is required.40 The court held that the design and structure of computer software was beyond the ordinary understanding and experience of laymen. 41 Therefore, the plaintiffs were required to support their allegations with expert testimony because the claim involved complex issues of computer science. 42
Recommendations and Conclusion
Despite the challenges and unique circumstances mentioned above, liability for defective IoT devices can be assessed in a similar manner as other product defects under a strict product liability theory. Based on the policy concerns behind strict products liability, courts should extend the existing products liability framework to IoT devices to achieve the most equitable result. 43 In addition, state legislatures should put regulations on IoT manufacturers to limit their liability and prevent damage. Manufacturers should not set unreasonable expectations for consumers during advertising and sales that indicate their devices will be free from error. 44 If the IoT device software requires an update, the manufacturer should alert end-users. 45 To prevent security breaches, manufacturers should communicate critical security information to the end-users in a timely manner as well as precautions they should take. 46 Lastly, IoT device manufacturers and software creators should specify the allocation of liability for potential software defects in IoT devices.47