M Attorneys at Law

edenica Law PLLC

Olivera Medenica

3 Columbus Circle, 15th Fl. New York, NY 10024 Tel: (212) 785-0070 Fax: (646) 514-5302 [email protected]

WEARABLE TECHNOLOGY AND THE FASHION INDUSTRY

Medenica Law PLLC  White Paper Series  October, 2016

Authors: Olivera Medenica, Esq. Perri Michael Tiffany Pho Anna Radke Elisabeth Schiffbauer

1   

I.

Introduction

Named by Time Magazine as one of the “Best Inventions of the Year,”1 Google Glass received a 12-page spread in Vogue, was the subject of comedy skits on “Saturday Night Live” and “The Colbert Report,” appeared on presidents, royalty, as well as celebrities around the world, and was integrated into Diane von Furstenberg’s runway show during New York Fashion Week 2012. Google Glass “exploded with the kind of fuss and pageantry usually reserved for an Apple iSomething.”2 More surprising, however, has been Google’s announcement earlier this year that Glass is going away.3 Tech reviewers who “finally got their hands on Glass described it as ‘the worst product of all time,’ aptly noting that it had an abysmal battery life, and that it was ‘a product plagued by bugs.”4 Most notably, Glass raised privacy concerns, “with people afraid of being recorded during private moments,” and has been banned “from bars, movie theaters, Las Vegas casinos and other places that did not want customers surreptitiously recording.”5 In other Google news, the company dropped its appeal seeking to overturn a fine from France’s data protection authority, the Commission Nationale de L’informatique et Des Libertes (CNIL), imposed in 2014,6 finding Google’s unified7 privacy policy violated France’s 1978 data protection law. Google was fined 150,000 euros ($171,821), the CNIL’s “highest-ever fine.”8 Recently, on March 10, 2016, CNIL issued a verdict, in which it fined Google Inc. €100,000 for failing to properly implement the “right to be forgotten.”9 The decision is based on the Judgment of the Court of Justice of the European Union (“ECJ”) in Costeja v. Google, which stated that Internet users residing in Europe could ask

                                                        1

Nick Bilton, Why Google Glass Broke, N.Y. TIMES (Feb. 4, 2015), E1, available at http://www.nytimes.com/2015/02/05/style/why‐google‐glass‐broke.html. 2 Id. 3 Nicky Woolf, Google Glass Ceases Production ‘In Present Form,’ THE GUARDIAN, (Jan. 16, 2015, 3:26 PM), http://www.theguardian.com/technology/2015/jan/15/google‐glass‐ceases‐production‐for‐now. 4 See supra note 2. 5 Id. 6 Rick Mitchell, Google Drops Appeal of French Fine Over Single Privacy Policy Across Products, Bloomberg BNA Daily Report for Executives™ (Feb. 6, 2015), http://dailyreport.bna.com/drpt/display/batch_print_display.adp. 7 Id. (“Google launched its unified privacy policy in March 2012 to track user information across its e-mail, social networking, YouTube, search engine and other services, as part of a plan to integrate multiple privacy policies into one.”) 8 Id. 9 Decision no. 2016-054 of March 10, 2016 of the Restricted Committee issuing Google Inc. with a financial penalty available at: https://www.cnil.fr/sites/default/files/atoms/files/d2016054_penalty_google.pdf

  2   

search engines to delist their personal data.10 Google has also been sued in additional EU jurisdictions.11 The above illustrates some of the prominent issues faced by a company in the advent of wearable technology. While privacy currently is arguably the largest obstacle facing consumers and businesses, additional issues regarding employment, intellectual property, and product liability will be discussed below. a.

What is Wearable Technology?

“Both the newest [tech] trend and one of the oldest – we have been wearing functional objects ever since watchmakers like Peter Henlein developed portable clocks in the 16th century.”12 Wearable technology “encompasses innovations such as wearable computers or devices; augmented reality (AR); and virtual reality (VR).”13 Currently, the existing wearable technology market is primarily comprised of smart glasses, watches, and fitness gear, such as the SCOTTeVEST and other Technology Enabled Clothing (TEC®), that allow a wearer “to store and use electronic devices.”14 Some exciting potential professional uses of wearable technology include surgeons using wearable technology to perform complex procedures, and even performing procedures remotely with wearables,15 firefighters using wearable technology, such as Google Glass, to respond to fires and other emergencies, with maps of the emergency site 16 and retailers “target[ing] shoppers with personalized services and promotions either inside their stores or before the customers even arrive.”17 Some airlines are already using wearable technology to compile personal passenger profiles to provide more personal service.18                                                           11

Supra 6. (On January 30, 2015, the U.K. Information Commissioner’s Office “ordered Google to improve its privacy policy in the U.K. by providing more information to service users about how it collects their personal information”. On December 15, 2014, the Dutch Data Protection Agency issued a cease-and-desist order to Google regarding its privacy policies. Spain’s Data Protection Agency “levied a 900,000 euro ($1 million) enforcement fine against Google over its unified privacy policy” and also “faces actions in Germany and Italy, as part of a joint EU enforcement action on Google’s privacy policy.”) 12 Emma Poole, The Brave New World of Wearable Technology: What Implications for IP?, WIPO MAGAZINE (June 2014), http://www.wipo.int/wipo_magazine/en/2014/03/article_0002.html. 13 Id. 14 Brian Socolow, Wearable Technology: The Next Big Thing in Fitness and Sports, http://groupynetwork.com/wearable-technology-the-next-big-thing-in-fitness-and-sports, (last visited Mar. 30, 2015). 15 Anahad O’Connor, Google Glass Enters the Operating Room, N.Y. TIMES (June 1, 2014, 12:01 PM), http://well.blogs.nytimes.com/2014/06/01/google-glass-enters-the-operating-room/?_r=0. 16 Joanie Ferguson, Firefighter Creates Google Glass App to Help Save Lives, DAILY DOT (Mar. 5, 2013, 2:28 PM), http://www.dailydot.com/technology/firefighter-google-glass-app/. 17 Adam D. Thierer, The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns Without Derailing Innovation, 21 RICH. J.L. & TECH. 6, 29 (2015). 18 Nicola Clark, Cool or Creepy? Airlines Use Digital Technology to Get Even More Personal, N.Y. TIMES (Mar. 18, 2014), at B4, available at http://www.nytimes.com/2014/03/18/business/airlines-use-digitaltechnology-to-get-even-more-personal.html.

3   

Many wearable technology devices interact with smartphones and tablets via apps to track users’ sleep, health, and movement patterns. This constant monitoring via smart devices, apps, and wearables has additionally inspired the health trend, the ‘quantified self,’ which refers to individuals who use digital logging tools to continuously monitor their daily activity and well-being.19 As opposed to other smart devices such as phones or tablets, wearable technology is personal. Other devices such as tablets may be shared among several users, but wearable technology may be specifically designed or adapted to a single person. “Wearables are not tied to a particular location and [are] continuously acquiring data as a user transitions from situation to situation and place to place.”20 Unlike other devices that may be used during the day or work hours, wearables are constantly operating (or are ready to operate) at night, and during personal or intimate settings. Highly attentive to their environment, wearables monitor and observe their location, collect information, and record their surroundings, generating vast amounts of data. b.

Wearable Technology and the Fashion Industry

What is different today is that technology developers are working to make wearable devices more fashionable. Many wearables are “clunky and unsightly,” which has likely “limited their adoption to some degree.”21 This may change with the development and use of “conductive fibres,” which will allow wearables to become incorporated into more stylish clothing; making the “fabric itself…an electronic device.”22 The emergence of wearable technology is generating partnerships between designers, fashion houses and large tech companies. Before wearable technology, tech companies were used to designing products for their functionality, such as computers and cell phones; they were not used to designing wearable products for consumers. “This is where the fashion industry has a much bigger role to play – in helping wearables find the right balance as fashion objects emerging from the consumer electronics industry.”23 These increasingly important partnerships stress collaboration from the start of the design process, so that technological design teams can work towards understanding design fit for consumers.24                                                         19

Gary Wolf, The Quantified Self, TED Talks (June 2010), http://www.ted.com/talks/gary_wolf_the_quantified_self?language=en. 20 Stephen S. Intille, Ph.D & Amy M. Intille, J.D., New Challenges for Privacy Law: Wearable Computers That Create Electronic Digital Diaries, (Sept. 15, 2003), http://www.ccs.neu.edu/home/intille/papersfiles/IntilleIntille03.pdf. 21 Adam D. Thierer, The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns Without Derailing Innovation, 21 RICH. J.L. & TECH. 6, 23 (2015).. 22 Woven Electronics: An Uncommon Thread, THE ECONOMIST, Mar. 8, 2014, available at http://www.economist.com/news/technology-quarterly/21598328-conductive-fibres-lighter-aircraftelectric-knickers-flexible-filaments. 23 Vikram Alexei Kansara, Amanda Parkes on Why Wearable Tech is About More Than Gadgets, THE BUS. FASHION, (Nov. 30, 2014, 10:49 AM), http://www.businessoffashion.com/2014/11/amanda‐parkes‐ wearable‐tech‐gadgets.html. 24 The N.Y. Times Conferences, Can Wearable Tech Be Luxury Fashion?, YOUTUBE (Dec. 2, 2014), https://www.youtube.com/watch?v=tS0tu‐FsOOU.

4   

On January 13, 2014 the Council of Fashion Designers of America (CFDA) and Intel entered into a “strategic collaboration” to “create a community for technology developers and fashion designers focused on wearable technology.”25Additionally, in December 2014, Luxottica Group announced its partnership with Intel to make “wearable technology stylish.”26 Later in 2014, Apple added Burberry CEO Angel Ahrendts and YSL Paul Deneve to its executive leadership,27 and as of February 2015, Google Glass is being overseen by jewelry designer Ivy Ross. Designers, including Tory Burch and Rebecca Minkoff have teamed up with FitBit and Case-Mate to create tech accessories,”28 Michael Kors also successfully partnered up with Android, and launched a chic smartwatch in the fall of 2016.29 Levi’s together with Google designed The Levi’s Commuter x Jacquard by Google Trucker Jacket, a piece of wearable technology aimed at urban cyclists. Its technological advancement is based on “a conductive yarn is weaved into the left cuff enabling touch interactivity so users can tap, swipe or hold to fulfill simple tasks like changing music tracks, blocking or answering calls or accessing navigation information (delivered by voice).”30 Other examples are garments measuring the wearer's vital metrics, such as a new athletic shirt line launched by Ralph Lauren, named the PoloTech™ Shirt, which tracks real-time workout data through fibers woven directly into the fabric of the item that read the user's heart rate and other key metrics. The shirt is configured such that data is streamed to the user's smartphone via a Bluetooth attachment.31 Designers have also tried to incorporate social media into wearable technology. CuteCircuit introduced the world's first haute couture “Twitter Dress,” an evening gown that displays tweets as they are received.32 While the marriage of fashion and technology is bringing together two powerful industries, these collaborations may raise concerns. Large tech companies partnering with                                                         25

Council of Fashion Designers of America, CFDA & Intel Unite on Wearable Technology, (Jan. 13, 2014), http://cfda.com/the-latest/cfda-intel-unite-on-wearable-technology. 26 Cynthia Martens, Luxottica Signs Intel Deal for Wearable Tech, Women’s Wear Daily, Dec. 3, 2014, http://www.wwd.com/accessories-news/eyewear/luxottica-signs-intel-deal-for-wearable-tech-8054996. 27 Connie Guglielmo, Apple Hires ‘Wicked Smart’ Burberry CEO To Run Retail, Serve As First Woman On Cook’s Top Team, FORBES, (Sept. 15, 2013, 10:48 AM), http://www.forbes.com/sites/connieguglielmo/2013/10/15/apple-hires-burberry-ceo-to-run-retail-serve-asfirst-woman-on-tim-cooks-top-team/. 28 Kim Bhasin, Michael Kors Is Getting Into Wearable Tech, BLOOMBERG BUS., (Feb. 5, 2015, 3:32 PM), http://www.bloomberg.com/news/articles/2015-02-05/michael-kors-is-getting-into-wearable-tech; See also Sharon Edelson, Rise of the Machines, WOMEN’S WEAR DAILY, (Dec. 19, 2014), at 12, available at https://pmcwwd.files.wordpress.com/2014/12/wwd1219web.pdf 29 Brian Heater, Michael Kors Brings Really, Really Big Design to Android Wear, TECH CRUNCH, (Sept. 6, 2016), https://techcrunch.com/2016/09/06/michael-kors-access/. 30 Rachel Arthur, The Future of Fashion: 10 Wearable Tech Brands You Need to Know, FORBEs, (Jun. 30, 2016), http://www.forbes.com/sites/rachelarthur/2016/06/30/the-future-of-fashion-10-wearable-techbrands-you-need-to-know/#7d8406284852. 31 The Polotech Shirt, RALPH LAUREN, http://www.ralphlauren.com/product/index.jsp?productld=699l7696&kw=polotech&sr=l&origkw=polotech (accessed on Oct. 17, 2016). 32 The Twitter Dress, CUTECIRCUIT, http://cutecircuit.com/the-twitter-dress/#read-more (accessed Oct. 17, 2016). 

5   

a number of designers may have implications for a fashion company’s intellectual property, business operations, and trade secrets. Fashion companies may want to closely monitor these partnerships, using vehicles such as licensing agreements or non-disclosure agreements to protect their company information. In order to avoid partnership with a large tech company, smaller companies that create components for fashion companies are emerging, such as i.am+, recording artist Will.i.am’s firm. As wearable technology is seemingly here to stay, fashion designers and companies may consider having their own in-house technology design departments, complete with software and hardware engineers. Wearable technology has brought together fashion and technology, and the promise of instant data, particularly regarding health. However, increased monitoring, production, and quantification of new data is raising privacy and protection concerns. II.

Privacy Considerations

Today’s policy discussions relating to wearable technology reflect concerns about privacy and security. A recent Federal Trade Commission (“FTC”) report (the “FTC Report”) identified potential privacy risks associated with wearable devices including “the direct collection of sensitive personal information, such as precise geolocation, financial account numbers, or health information,” and the “collection of personal information, habits, locations, and physical conditions over time.”33 While these risks are self-evident in the context of Internet and mobile commerce, wearables present different challenges as the volume of data gathered from users could be significantly, if not exponentially, higher than regular mobile device, such as smartphones and tablets. a.

For Consumers

Because much of the existing wearable market is comprised of health and fitness devices, there has been a large focus on the types of data generated from these products. Health and fitness wearables monitor and gather information such as steps per day, sleep patterns, calories burned, and GPS location, and may also require users to input private health information. While this data may be necessary for the wearable’s functionality, its input, and subsequent management, leave the user vulnerable to potential third party transfers or security breaches. A recent Mobile Ecosystem Forum (MEF) report on the use of wearable devices in the health sector found that the current global health and fitness app market is worth $4 billion and is slated to be worth $26 billion by 2017.34 FTC guidelines apply to “digitial                                                         33

Federal Trade Commission Staff, Internet of Things: Privacy & Security in a Connected World, (Jan. 2015), at 14, available at http://www.ftc.gov/system/files/documents/reports/federal-trade-commissionstaff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf. 34 MEF, GLOBAL MHEALTH & WEARABLES REPORT 2015: MEASURING AWARENESS OF WEARABLE DEVICES AND THE EMERGENCE OF MHEALTH AND WELLBEING (2015), http://www.mobileecosystemforum.com/wp-content/uploads/2015/04/mHealth-wearables-reportFINAL.pdf.

  6   

health” applications.35 In September 2013, the United States Food and Drug Administration (“FDA”) released guidelines on mobile medical devices.36 A loophole exists in these guidelines “as they apply only to apps that are promoted for medical purposes, such as the diagnosis, cure, treatment or prevention of a disease. Without a secure privacy policy or protection from [the Health Insurance Portability and Accountability Act], users’ health information obtained via these trackers could be sold to third parties.37 Unless you live in a state that treats this health data as Protected Health Information (“PHI”), developers may share your data without your permission.38 According to the FTC Report, “massive volume[s] of granular data” gathered by devices “allows those with access to the data to perform analyses that would not be possible with less rich data sets.”39 Consumers have additionally voiced concerns that the collection of “sensitive behavior patterns” via wearable devices may be used in unauthorized ways or by unauthorized individuals, and that companies may use collected data to make credit, insurance, and employment decisions.40As mentioned above, data collection is critical to a wearable’s optimum functionality, but is also a vast trove of valuable information for tailored marketing purposes. Consumers want to know the answer to questions like: “who owns the data, where it is stored, if it’s encrypted, how it can be used, and whether the data can be repackaged and sold for purposes not expected by consumers remains unanswered.”41 There are a variety of ways consumers can protect themselves. They can avail themselves of password protect, security lockout, security software or encryption features on the devices. Consumers can also disable third party cookies on devices that use Internet browsers. As with any other device, they should be aware of dangers of cloud computing,

                                                        35

Digital Health, U.S. FOOD & DRUG ADMINISTRATION, http://www.fda.gov/medicaldevices/digitalhealth/ (accessed on Oct. 17, 2016). 36 Mobile Medical Applications: Guidance for Industry and Food and Drug Administration Staff, U.S. Food and Drug Admin., (updated Feb. 9, 2015), http://www.fda.gov/downloads/MedicalDevices/.../UCM263366.pdf. 37 Press Release, Senator Charles E. Schumer, Schumer Reveals: Without Their Knowledge, Fitbit Bracelets & Smartphone Apps Are Tracking Users Movements And Health Data That Could Be Sold To Third Parties; Calls For FTC To Require Mandatory Opt-Out Opportunity Before Any Pers. Data Can Be Sold, (Aug. 10, 2014), http://www.schumer.senate.gov/newsroom/press-releases/schumer-reveals-withouttheir-knowledge-fitbit-bracelets-and-smartphone-apps-are-tracking-users-movements-and-health-data-thatcould-be-sold-to-third-parties-calls-for-ftc-to-require-mandatory-opt-out-opportunity-before-any-personaldata-can-be-sold. 38 Cindy Ng, 5 Privacy Concerns About Wearable Technology, VARONIS BLOG, (Mar. 11, 2014), http://blog.varonis.com/5‐privacy‐concerns‐about‐wearable‐technology/. 39 Federal Trade Commission Staff, Internet of Things: Privacy & Security in a Connected World, (Jan. 2015), at 15, available at http://www.ftc.gov/system/files/documents/reports/federal‐trade‐commission‐ staff‐report‐november‐2013‐workshop‐entitled‐internet‐things‐privacy/150127iotrpt.pdf. 40 Federal Trade Commission Staff, Internet of Things: Privacy & Security in a Connected World, (Jan. 2015), at 15, available at http://www.ftc.gov/system/files/documents/reports/federal‐trade‐commission‐ staff‐report‐november‐2013‐workshop‐entitled‐internet‐things‐privacy/150127iotrpt.pdf. 41 Hamza Shaban, Will the Internet of Things Finally Kill Privacy?,THE VERGE, (Feb. 11, 2015, 9:30 AM), http://www.theverge.com/2015/2/11/8016585/will-the-internet-of-things-finally-kill-privacy .

7   

and carefully read terms of service agreements and privacy policies before clicking accept42 Query whether consumers truly follow such guidelines, and the extent to which they are even aware of data security risks when using wearables. There is no question, however, that consumer sophistication and sensitivity to privacy measures is growing, and that consumers will come to expect a company to address such concerns in a straightforward and transparent manner. b.

For Businesses

Given the discussion of privacy and data security risks above, companies developing wearable technology products should implement reasonable security measures. There is no “one size fits all” checklist, and reasonable security depends on a number of factors, such as the volume and nature of data collected, and the cost of a potential impact should a security breach occur. This is of particular importance for wearable technology devices; since some devices possess tailored functions generating specific data the inquiry into developing reasonable security measures is device-specific. According to Justin Brookman, the consumer privacy project director at the Center for Democracy and Technology, “consumer protections should be baked in from the beginning” of a developing a product.43 “Users should be in control of the devices they own. Companies shouldn’t just collect data unrelated to core functionality just on the theory that it might be interesting for advertising or research one day,” and “too many Internet of Things devices seem to be developed with security as an afterthought.”44 Companies with wearable technology products should draft terms of service and privacy policies accompanying their products that outline what data is collected, how it is stored, its use, any third party involvement, and should clearly explain to consumers if and how security updates are handled. Some options for companies to provide choice to consumers before data collection include choices at point of sale, tutorials on privacy settings, and choices during device set-up.45 These alternative options for choice are particularly important for wearable devices that do not have a screen or interface to connect with a consumer. When possible, companies should limit the collection and retention of consumer data. Companies should also ensure that service providers maintain reasonable security and oversight. Any collected sensitive information should be encrypted or otherwise secured. Additionally, companies should ensure that their personnel practices promote good security. Discussed further below, companies and their human resources teams should ensure policies, business operations, and employee contracts are updated and take into account the implications of wearable technology and the workplace, and the need to protect a company’s confidential information, intellectual property, and trade secrets.                                                         42

Privacy Rights Clearinghouse, Fact Sheet 18: Online Privacy: Using the Internet Safely, (Mar. 1, 2015), available at https://www.privacyrights.org/online-privacy-using-internet-safely#cloud. 43 Alexei Alexis & Lydia Beyoud, Tech Week Ahead: Senate Panel on ‘Internet of Things’; FTC, FCC at Capitol Hill Tech Talk, BLOOMBERG BNA, (Feb. 6, 2015), http://dailyreport.bna.com/drpt/display/batch_print_display.adp. 44 Id. 45 Id.

8   

III.

Privacy and Data Protection Laws

a.

The United States

One of the most central concepts in information privacy regulation is personallyidentifiable information (“PII”).46 The scope of privacy laws turn on whether PII is collected. Generally speaking, information or a combination of information that can identify an individual is considered PII and warrants protection. This includes, but is not limited to an individual’s name, social security number, biometric records, and medical, educational, financial, and employment information.47 Currently, there is no comprehensive legal protection for personal information in the United States, only a patchwork of laws that apply to specific areas. The FTC is the administrative agency that enforces laws that protect consumers from unfair or deceptive business practices. The Federal Trade Commission Act (the “FTC Act” or the “Act”)48 authorizes the FTC to seek equitable and injunctive relief, including redress, for the violations of the Act, and provides a basis for government enforcement of fair information practices. For example, failure to comply with stated practices and policies may constitute a deceptive practice, and may be inherently unfair.49 The need to protect PII was first established by the Privacy Act of 1974, which requires federal agencies to apply Fair Information Practices Principles (“FIPPs”) to PII.50 The FTC Report focuses on four FIPPs in particular: data security, data minimization, notice, and choice with regards to the Internet of Things and wearable devices. As mentioned above, with regards to data security, the FTC recommends companies implement a “security by design” approach that “assesses the privacy and security risks of a product, both at the design stage and throughout the Internet of Things device’s life cycle.”51 With data minimization, the FTC recommends limiting data collected and retained, and disposing of data when it is no longer needed. It also addresses the concern that “maintaining large troves of consumer data could make a company a target for criminals and could increase the risk that the company will use the data ‘in a way that departs from                                                         46 Rules and Policies-Protecting PII-Privacy Act, U.S. GEN. SERV. ADMIN., (last visited Apr. 1, 2015), http://www.gsa.gov/portal/content/104256. 47 Erika McCallister et. al., U.S. Dep’t of Commerce, Nat’l Inst. of Standards and Tech., Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (April 2010), at 2-1, http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf. 48 The Federal Trade Commission Act, 15 U.S.C. §§ 41-58 (1949). 49 The Federal Trade Commission Act, 15 U.S.C. §§ 41-58 (1949). 50 The U.S. Dep’t of Justice, Overview of the Privacy Act of 1974, 2012 Edition, (June 19, 2014), http://www.justice.gov/opcl/overview-privacy-act-1974-2012-edition. 51 James N. Duchesne, et al., BALLARD SPAHR, LLP, Internet of Things: Federal Agencies Offer Privacy and Data Security Best Practices, (Jan. 29, 2015), http://www.ballardspahr.com/alertspublications/legalalerts/2015-01-29-internet-of-things-federal-agenciesoffer-privacy-data-security.aspx

9   

consumers’ reasonable expectation.’”52 The FTC acknowledges the obstacles associated with notice and choice, particularly with devices that do not have an interface, as discussed above. “Whatever approaches are chosen by a company, notification should be clearly and prominently disclosed.”53 Companies, are not required to provide choice “before collecting and using consumer data for practices that are consistent with the context of a transaction or the company’s relationship with the consumer.”54 These practices, referred to as “commonly accepted practices,” include product service and fulfillment, internal operations, fraud prevention, legal compliance and public purpose, and first party marketing. The Obama Administration has advocated that these principles should govern private-sector data collection and they have been formally included in the Consumer Privacy Bill of Rights – a framework developed by the current administration to address consumer privacy concerns.55 On January 28, 2015, in honor of Data Privacy Day, U.S. Representatives Bobby L. Rush (D-Ill.) and Joe Barton (R-Texas) reintroduced the Data Accountability and Trust Act (“DATA”), H.R. 580.56 Substantially similar to the bill originally introduced by the 110th Congress, DATA “requires commercial entities that own or possess any personal information of consumers to implement effective information security policies and procedures to safeguard that information.”57 Members of the United States Senate Committee on Commerce, Science, and Transportation have also entered into the growing policy debate surrounding the “Internet of Things” and wearable devices, and held a hearing to discuss the issue on February 11, 2015.58 The hearing focused on “how devices – from home heating systems controlled by users online to wearable devices that track consumers’ health – will be made ‘smarter and more dynamic’ through Internet technologies.”59                                                         52

Id. Id. 54 Federal Trade Commission Staff, Internet of Things: Privacy & Security in a Connected World, (Jan. 2015), at v, available at http://www.ftc.gov/system/files/documents/reports/federal‐trade‐commission‐ staff‐report‐november‐2013‐workshop‐entitled‐internet‐things‐privacy/150127iotrpt.pdf. 55 Consumer Data Privacy In A Networked World: A Framework For Protecting And Promoting Innovation In The Global Digital Economy, THE WHITE HOUSE, (Feb. 2012), http://www.whitehouse.gov/sites/default/files/privacy‐final.pdf. 56 Press Release, Representative Bobby L. Rush, Reps. Rush and Barton Reintroduce the Data Act (Jan. 28, 2015), http://rush.house.gov/media‐center/press‐releases/reps‐rush‐and‐barton‐reintroduce‐the‐data‐ act. 57 Press Release, Representative Bobby L. Rush, Reps. Rush and Barton Reintroduce the Data Act (Jan. 28, 2015), http://rush.house.gov/media‐center/press‐releases/reps‐rush‐and‐barton‐reintroduce‐the‐data‐ act. 58 The Connected World: Examining the Internet of Things, Hearing Before the: U.S. Senate Comm. On Commerce, Science, and Transp., (Feb. 22, 2015, 9:45 AM), http://www.commerce.senate.gov/public/index.cfm?p=Hearings&ContentRecord_id=d3e33bde-30fd-4899b30d-906b47e117ca&ContentType_id=14f995b9-dfa5-407a-9d35-56cc7152a7ed&Group_id=b06c39afe033-4cba-9221-de668ca1978a. 59 Id. 53

10   

The FTC has shown that it is not afraid of changing its opinion as development of data security progresses. On July 29, 2016, the FTC made the latest decision in its battle with LabMD, Inc. (LabMD) when it reversed an initial verdict. The FTC determined that LabMD’s data security practices constitute an unfair act or practice within the meaning of Section 5 of the Federal Trade Commission Act. It issued an Opinion and Final Order requiring LabMD to “notify affected consumers, establish a comprehensive information security program reasonably designed to protect the security and confidentiality of the personal consumer information in its possession, and obtain independent assessments regarding its implementation of the program.”60 b.

Europe and Other Countries

Privacy parameters are substantially different in other geographical locations, and in particular in the European Union. The EU Data Protection Directive (“the Directive”) is expected to be replaced by the uniform General Data Protection Regulation (“the regulation”).61 On May, 4 2016, the official texts of the Regulation and the Directive were published in the EU Official Journal in all the official languages. While the Regulation will enter into force on May 24, 2016, it will apply starting from 25 May 2018. The Directive enters into force on May 5, 2016 and EU Member States have to incorporate it into their national laws by May 6, 2018.62 Each member state is required by the Directive to establish a “supervisory authority” to implement and enforce its data protection laws.63 Many member states currently require data processors to file annual summaries of the personal data being processed.64 The regulation will require additional internal controls and documentation relating to personal data processing, and will also require the appointment of data protection officers.65 Other countries, such as Canada and Australia have their own sources of data protection laws. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA), and in Australia the Privacy Act of 1988, which aim to address privacy and data concerns.66 c.

Next Steps, Current Solutions

Existing legislation in the U.S. and abroad arguably may or may not address privacy and data protection concerns. Given the speed of technological transformation, it is                                                         60

In the Matter of LabMD, Inc., FTC, https://www.ftc.gov/system/files/documents/cases/160729labmdopinion.pdf. 61 Olivera Medenica, The Importance of Counsel in the Context of the Fashion Industry’s Emerging Issues, in NAVIGATING FASHION LAW, 58 (Aspatore Books 2015), 62 Protection of Personal Data, EUROPEAN COMMISSION, http://ec.europa.eu/justice/data-protection/ (accessed on Oct. 17, 2016). 63 Id. 64 Id. 65 Id. 66 Risk Map, TAYLORWESSING, http://www.taylorwessing.com/globaldatahub/risk_map.html (last visited Apr. 1, 2015).

11   

unlikely that comprehensive legislation will be developed and implemented in the near future that fully addresses privacy and innovation concerns. Until the law catches up, policymakers should not forget that individual and societal adaptation may play an important role in shaping norms to regulate wearable technology. Best practices for companies entering the wearable technology realm remain the same as in any social media platform. The collection and use of consumers’ data must be clear, accurately described, and reflected in a company’s privacy policy. Any sensitive information, including PII, financial, and precise location data should only be used after obtaining express affirmative consent from users. Appropriate security measures must be provided to protect sensitive information. But most importantly, and obviously, a company should comply with its own privacy policies. Failure to do so may result in substantial FTC sanctions. IV.

Employment Considerations

Analogous to the issues raised by the advent of smartphones, wearable technology may be making its way into the workplace via employees’ personal use. In the context of labor and employment, the overarching issue is privacy. Employees bringing their personal wearables into the workplace may result in privacy breaches of confidential, sensitive information, either in the form of company information, or sensitive information relating to private conversations between employees.67 Given this, employers will need to address if, when, and how they will accept wearables into their company. Some specific issues that may arise in a workplace environment are an employee using wearable technology to record private meetings or disciplinary actions, then using the recording for bullying, blackmail or in legal proceedings, or employees using wearable technology to view inappropriate content easily monitored on desktop computers.68 Moreover, employers are also interested in using wearable technology to monitor employees' activities so that they can implement changes based on the employee’s productivity and well-being. As wearable technology is able to collect some really personal data, even outside of working hours, employers are bound by more stringent requirements. The best practice, of course, is to obtain consent for the collection, use and disclosure of personal data via wearables.69 Companies should establish clear procedures and policies regarding employees’ use of technology in the workplace and consider revising their employment agreements to reflect the same. While most employers currently have social media policies within their current company manuals, the emergence of wearable technology may require employers                                                         67

Bill Goodwin, Wearable Technology Creates New Privacy Issues for Employers, COMPUTERWEEKLY.COM, (June 24, 2014, 10:30 AM), http://www.computerweekly.com/news/2240223173/Wearable-technology-new-privacy-headaches-foremployers. 68 Id. 69  Jay Hancock, Workplace Wellness Programs Put Employee Privacy at Risk, CNN (Oct. 2, 2015, 12:37PM), http://cnn.it/1WL4GbZ. 

12   

to alter their policies.70 Wearable technology in the workplace may also require employers to make amendments to employee manuals, employment agreements and require additional training for human resources, supervisors, and employees.71 V.

Intellectual Property

While still in relative infancy, wearable technology may raise a number of intellectual property (IP) challenges that may mirror those that came about with smartphones and mobile technology. Similar to smartphones, wearables often involve several components (an actual physical object, an app, and possibly downloadable software) that may require different types of protection relating to a single saleable good. As wearable technology provides opportunities for fashion and technology companies, it is important for companies to consider protecting every aspect of their wearable technology products, including the appearance, operation, and branding. a.

Copyright

Copyright provides a powerful tool in the fashion industry for protecting fabric designs and other types of protectable artistic expression. While copyright protects the artistic elements of a product and not its functional elements, certain creative elements of a product may warrant copyright protection as long as those creative elements are conceptually separable from the whole product.72 With regards to wearable technology, copyright may provide protection for the actual design of the product, jewelry, software, and digital codes, depending on the device. b.

Trademarks

Trademarks are perhaps the most widely used form of IP in the fashion industry. Trademarks are words symbols, logos, or designs that serve as source identifiers, enabling consumers to distinguish between goods and products of different companies in the marketplace. Brand owners will want to make sure their trademarks are protected and used correctly, particularly when collaborating and creating wearable products with technology companies through various licensing arrangements. But brands should also consider non-traditional methods of protecting trademark rights such as product configuration, sounds, color, scent and motion marks. As mentioned above, one wearable technology product may involve multiple dimensions – in 3d, as an app, or downloadable software. Trademark usage should remain consistent across the board. But the wearable itself may benefit from trademark protection if it has a nonfunctional design. Furthermore, if the wearable emits a sound, a scent, or involves movement (such as a digital icon), it can benefit from trademark protection as well.                                                         70

The Wearable Technology Revolution: Is your Workplace Prepared?, TAYLORWESSING, (June 2013), http://www.taylorwessing.com/globaldatahub/article_wearable_technology_revolution.html. 71 Id. 72 See Kieselstein-Cord v. Accessories by Pearl. Inc., 632 F.2d 989, (2d Cir. 1980).

13   

Fashion brands entering the wearable tech field should therefore critically assess all aspects of the product to determine whether some independent features of the product could benefit from trademark protection, either immediately or through demonstrated brand recognition in the marketplace. c.

Patents

Patents protect the novel and unique features of an invention. The invention can be a tool, a design, or a technological innovation. In the wearables market, patents play a critical role in obtaining a leading edge over competitive products. Given the abundance of health related wearables, sensor technology is of particular importance. For example, activity trackers that measure blood-flow and optical sensors are currently some of the most sought after features of wearable technology. These may be incorporated into bracelets, necklaces, watches, ear buds, and glasses. Recently, Adidas and its partner, body sensor manufacturer Textronics, were named defendants in a patent infringement lawsuit filed by a different body sensor products manufacturer – Sarvint - over the use of sensor technology employed in Adidas’ line of miCoach training shirts. The shirt features special fibers designed to collect the wearer’s vital signs, and it is connected to a smartphone app.73 Developing a patent in house, or partnering up with a company developing proprietary sensory technology becomes a critical component of a successful wearable. Although a full discussion of patent licensing pitfalls is beyond the scope of this White Paper, fashion brands should carefully negotiate patent licensing terms such as compensation, scope, territory and duration in order to maximize return on investment.

VI.

Product Liability

While the marriage of fashion and wearable technology brings a host of new privacy and intellectual property concerns, it also increases a brand’s exposure to product liability. Wearables can result in bodily injury, not only due to their inherent physical proximity to the wearer, but also because of their ability to distract the wearer from daily activities such as walking, or driving. In other words the product itself can cause injury, or the wearer can cause injury to third parties as a result of wearing the product. Recently, the U.S. leader in the activity tracking market, Fitbit, recalled its activity tracker, the Force Wristband, after consumers complained of skin irritation and allergic reactions due to the nickel in its stainless steel bands.74Even small-scale injuries, such as                                                         73  Zainab Hussain, Weary of Wearabales: IP, Privacy and Data Security Concerns, LAW PRACTICE TODAY (Jan. 14, 2016), http://www.lawpracticetoday.org/article/weary-of-wearables-ip-privacy-and-data-securityconcerns/.  74 Mark Rogowsky, Fitbit Force Recall Is Bad News For The Company And Wearable Tech, But Is It Necessary?, FORBES, (Mar. 13, 2014, 8:45 AM),

14   

the case of Fitbit, can lead to substantial liability exposure. Some have argued that additional concerns may arise with respect to the long term health effects of wearables, such as radiation or other currently unknown risks.75 There are, however, few studies available that show the potential long-term health effects of wearables. Another concern relating to wearables, is the wearer’s carelessness as a result of operating or manipulating the wearable. A wearer’s absorption with the functionality of the wearable can cause a consumer to become oblivious to his surroundings to the detriment of third parties. Consider a driver toying with her wearable gadget while driving on a highway. This can result in significant injuries to not only the wearer, but third parties in the wearer’s careless path. 76 Lawmakers in New York, Maryland, West Virginia, Delaware, Illinois and Missouri have already introduced bills proposing a complete ban on wearable technology while operating a vehicle.77 Data generated by wearables can also constitute valuable electronic evidence. In a Pennsylvania criminal case at the trial-level, Commonwealth v. Risley, police questioned a woman's rape claim when her Fitbit contradicted her statement to the police.78 In another case involving a wearable device, attorneys obtained data from a wearable technology, called Strava, to show the defendant had been speeding and was responsible for the accident in controversy.79 As with any good product liability strategy, brand owners should ensure senior management quality assurance, provide documentation procedures, and emphasize the importance of product safety warnings. Many wearable technology devices do not have a screen or interface, creating the issue of where companies should place product disclaimer and safety warnings so they are accessible and available to consumers. As with FTC guidelines regarding notice and choice in privacy and data collection, companies may consider disclaimers and warnings at point of sale, during product set up, or provide links to online tutorials regarding possible health concerns and proper use of the device.80 Companies should also disclose the product makeup of the wearable and ensure it was adequately tested by trained staff and experts prior to public consumption.

                                                        http://www.forbes.com/sites/markrogowsky/2014/03/13/fitbit-force-recall-is-badfor-the-company-and-wearable-tech-but-is-it-necessary/. 75 Rong Wang, PhD, Wireless Radiation from Google Glass: Is There a Risk?, PONG, (June 4, 2013), http://www.pongcase.com/blog/wireless-radiation-google-glass-risk. 76 Roland Mathys, Legal Challenges of Wearable Computing, (2014), at 23, http://www.swlegal.ch/getdoc/5ff2741a-6e1e-4108-99c7-8dc1566f21b2/140731_Roland-Mathys_PaperLegal-Challenges-of-Wea.aspx. 77 Wrong Glasses for Drivers, THE TIMES TRIBUNE, (Mar. 12, 2014), http://thetimestribune.com/opinion/wrong-glasses-for-drivers-1.1648895. 78 Commonwealth v. Risley, Criminal Docket: CP-36-CR-0002937-2015 (Lancaster Cty., Pa.). 79  John G. Browning, Legally Speaking: When All Else Fails, Blame Social Media, SE. TEX. REC. (July 6, 2012, 8:37 AM), http://bit.ly/25iuilK.  80 Will Fitbit Rashes Lead to Warning Labels on all Wearable Technologies?, TECH NEWS, (Oct. 20, 2014), http://agbeat.com/tech-news/will-fitbit-rashes-lead-warning-labels-wearable-technologies/.

15