Consumer-related Copyright Issues on the Internet of Things

To help better understand the challenges posed by the IoT to copyright law, we have been commissioned by the Marketplace Framework Policy Branch and the Office of Consumer Affairs of Innovation, Science and Economic Development Canada to do a study of connected objects sold to Canadian consumers. The objective of the study was to gather relevant findings from the analysis of legal documentation, such as end-user license agreements from a sample of connected IoT products, and highlight issues that could impact Canadian consumers in the years to come. Our analysis identifies a number of copyright related restrictions, and brings to light several issues beyond copyright that merit consideration, such as competition, data portability and privacy.

First, we find that obtaining legal information on smart products, including software license restrictions and other copyright limitations, is an extremely difficult and time-consuming exercise. As a result, consumers are likely to have little to no knowledge of post-sale restrictions or limited liabilities of the manufacturers before they buy connected objects. This is an important finding as inadequate disclosure of information that is materially important to consumers can create competition and other policy concerns.

Second, our analysis of business models shows interoperability of platforms within an ecosystem of third-party devices and applications, but restrictions that limit interoperability across ecosystems. This market segmentation favors Amazon, Apple, Google and Samsung, which have significant influence over smaller smart device makers. Each offers their own ecosystem of IoT protocols, applications, and services.

Third, terms and conditions of consumer use of smart devices in our sample are set up to allow for the collection and transfer of personal data, often sensitive data, in addition to all data collected by the companies from other sources such as social media.

Furthermore, our study found that privacy policies are of limited use for consumers wanting to know how their product usage data will be used by the manufacturers, or how to transfer their data if they switch to a different product and platform. Moving personal data from one platform to another is likely impossible for the average consumer. The only recourse consumers have if they want to get their hands on their personal data collected from smart devices is through legal channels that are specified in privacy law requirements. This is highly impractical and time-consuming, and consumers are most likely unaware of their right to access their personal data. Technical and legal restrictions on portability limit consumer choices and raise concerns about competition in a sector highly dependant on data to bring new and innovative services to market.

Fourth, our study shows that software licensing is now common practice among smart device manufacturers. Licenses come with important restrictions, including limiting consumers’ ability to resell and modify software. Companies also include limited liability disclaimers in case of software malfunction. Implications for issues such as “right to repair” or products’ obsolescence could be important but depend ultimately on if and how companies trigger the licenses’ terms, and whether the terms are consistent with Canadian law. It is almost impossible to conclude definitively before purchasing an IoT product what limits to a consumer’s use of the product will be.

Understanding consumers’ ability to repair or resell requires conclusions based on a combination of documents, including the sales agreement, software license, and warranty conditions. Even then, the language used is so ambiguous that average consumers will likely have difficulty to determine if they can, or cannot, repair themselves or with the help of a third party technician the product they purchased, including the software associated with it.
 

Based on these findings, we make recommendations to address the issues of accessibility of legal information, data portability, interoperability of systems and competition. We recommend that the Government of Canada consider policy options in relation to the following priorities:

• labeling standards to help consumers locate and understand the terms on which they acquire and use IoT products and services.
• open standards and protocols to facilitate interoperability across platforms.
• integrating data portability and related issues with ongoing discussions about not only copyright reform but also reforms to privacy laws and other aspects of a Digital Charter.
• take seriously the relevant recommendations of the Parliamentary Committee for revisions to the Copyright Act.

Our observations about the nature of IoT products and services, and the terms and conditions associated with their use, suggest that further investigation of this topic may be warranted. In particular, additional analysis is required to better understand the compatibility of terms and conditions with copyright, competition, contract, consumer protection and other laws across jurisdictions and the impacts of these restrictions on consumers and the IoT.