When Cybersecurity meets Consent: On the Role of Fine Print in the Era of ‘Internet of Things’

By: Meirav Furth-Matzkin and Asaf Lubin


The proposed research will begin by surveying the federal and state statues, doctrines and case-law regulating the content of IoT consumer contracts in the United States. It will shed light on the questionable legal enforceability of liability waivers and warranty disclaimers in this context. Although the law to date does not explicitly prohibit the use of such contractual clauses in IoT agreements, these terms may be susceptible to ex post judicial invalidation if they are deemed unconscionable or if the court finds that the consumer did not consent to the company’s terms of service (for example because the terms were buried in the fine print and were not sufficiently conspicuous). The goal of this section will be to investigate whether courts invalidate such clauses in practice, and under what circumstances.

This part of the proposed research will also analyze the relevant sections of the recently proposed Restatement of Consumer Contracts (presented in May 2017 at the American Law Institute’s Annual Meeting). Recognizing that consumers barely read or review the terms of the fine print before entering into the transaction, the proposed Restatement advocates for the use of the unconscionability doctrine as “a primary tool against the inclusion of intolerable terms in the consumer contract. The proposed Restatement designates clauses that limit a business’s liability (or the consumer’s remedies) for any loss caused by intentional or negligent acts or omissions, or for death or personal injury for which the business would otherwise be liable, as presumptively unconscionable, especially in cases where the business “failed to take cost-effective measures to reduce the risk.

Read more

Data Base

To support this research we have created an original database of the legal documents of a diverse representation of IoT companies. We began by purchasing a commercial database of 349 publicly traded companies (on one or more stock exchange) prepared by “IoT Analytics”, a German-based provider of market insights and strategic business intelligence for the IoT industry. This database was selected because of its broad geographical scope: 47% of the companies in the database are in North America, 27% in Europe, 25% in Asia, and 1% in the Rest of the World.[1] The dataset also provides diversity in segment focus, with the IoT companies covering an array of key industries including smart home (16%), mobility and connected vehicles (11%), lifestyle and wearable tech (8%), smart city (6%), connected health (6%) and industrial solutions. (6%). In so doing, the database is, to our knowledge, the most robust and diverse commercial set currently available for purchase.[2]

Click here to read more

 In order to request an access to the database contact Dr. Asaf Lubin

[1] Database Description, “Internet of Things Public Companies Database 2015”, IOT Analytics (Mar. 2015), available at: https://iot-analytics.com/product/database-iot-public-companies/.

[2] Id.