2016 Liability for Mobile Health & Wearable Technologies 89
watchbands should ensure that its Watch sensors are in contact with a user’s skin.194 Overall, the extent of a product manufacturer’s liability for privacy, but more ominously, security breaches, is an open question. How should manufacturers react to potential cyberattacks?195 At least in the near term manufacturer compliance or non-compliance with store or sub-regulatory guidance196 may influence the applicable norms.
B. Efficacy, Effectiveness, and Warranty Claims
In general terms, strict product liability does not apply to pure economic harms or complaints about product performance.197 Rather, plaintiffs in such cases must bring contractual or express warranty claims.198 In some states, consumer protection statutes grant private rights of action for such product “disappointments.”199 A good example of an effectiveness issue, albeit one pursued by the FTC and not a private action for damages, was raised against two developers who made “mole apps.”200 Defendants’ apps (going by names such as MelApp and Mole Detective) leveraged a smartphone platform’s camera to capture a picture of a mole and then requested the user to input other information.201
194. Band Design Guidelines for Apple Watch, APPLE 5-6 (May 6, 2015), https://developer.apple.com/watch/bands/Band-Design-Guidelines-for-Apple-Watch.pdf (“Bands must not prevent the user’s skin from maintaining direct contact with the Apple Watch heart rate sensors and back of Apple Watch, and must incorporate sufficient margin to compensate for shifting or dimensional changes of the band material. Failure to do so may interfere with Apple Watch wrist detect and Apple Pay features.”). 195. See generally John Villasenor, If a Cyberattack Causes a Car Crash, Who Is Liable?, SLATE MAG. (Aug. 11, 2015), http://www.slate.com/blogs/future_tense/2015/ 08/11/ if_a_cyberattack_causes_a_car_crash_who_is_liable.html?wpsrc=fol_tw (questioning who is liable in cyberattacks). 196. See, e.g., U.S. FOOD & DRUG ADMIN., POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES: DRAFT GUIDANCE FOR INDUSTRY AND FOOD AND DRUG ADMINISTRATION STAFF (2016) (providing FDA guidance on how to handle cyberattacks); U.S. FOOD & DRUG ADMIN., CONTENT OF PREMARKET SUBMISSIONS FOR MANAGEMEN T OF CYBERSECURITY IN MEDICAL DEVICES: GUIDANCE FOR INDUSTRY AND FOOD AND DRUG ADMINISTRATION STAFF (2014) (providing additional FDA guidance on medical premarket submissions for effective cybersecurity management). 197. E. River S.S. Corp. v. Transamerica, 476 U.S. 858, 872-73 (1986). 198. For example, a plaintiff can bring a claim under UCC §2-313. Id. at 872 (“The maintenance of product value and quality is precisely the purpose of express and implied warranties.”). 199. See, e.g., WIS. STAT. § 402.314 (2015) (implied warranty, merchantability, usage of trade). 200. Health Discovery Corp. & FTC v. Avrom Boris Lasarow, 2015-1 Trade Cases P 17280, 2015 WL 926509 ¶ 1 (Feb. 23, 2015) (referring to mobile apps that provide automated analyses of moles and skin lesions for symptoms of melanoma). 201. Id.