The Regulatory Environment for the Safety of the Internet of Medical Devices Users in the European Union and the United States

Abstract

Abstract The Internet of Medical Things (IoMT) devices, as well as the Internet of Things phenomenon itself, are gaining a new group of customers every day, for whom it is almost a matter of course to use a wide range of devices, such as Internet-connected complex life support equipment or “smart” watches monitoring basic life parameters. With the growing popularity of such devices, however, questions about the safety of their users begin to arise, because almost in proportion to the number of benefits associated with the use of these products, the number of risks associated with them increases – eg improper functioning of Internet-connected life support equipment, in addition to threatening the life or health of its user, may affect the physical security of the product itself, the security of both personal and technical (eg non-personal) data processed by the specific product, or finally the cyber-security of the product. While the issues related to the protection of personal data and privacy, in general, have been discussed many times by the doctrine, the issues related to the protection of users of these devices under consumer law have not been considered much. In this context, the question arises whether the current legal regulations provide an adequate and sufficient level of protection for IoMT users. In particular, whether the average IoMT user can actually exercise their rights under the provisions of consumer law and whether the protection afforded to him – both in terms of the scope of their rights and the scope of obligations and liability of manufacturers and suppliers of these devices – is not only illusory? In order to answer the above questions, the author will evaluate the prevailing market practices – still focused around the doctrine of “caveat emptor” or “let the buyer beware” – and compare them with these regulations and juxtapose them with relevant legal regulations. However, given the lack of geographical borders in the field of cyber security and privacy, the author will not only analyse EU cyber security legislation, but also US legislation in a comparative legal analysis. The choice of jurisdictions to be compared is also related to the size and importance of both the US and the EU for the global IoMT market. It should be noted that the United States has a dominant position in the IoMT, while the European Union is estimated to have the second largest IoMT market globally. At the same time, however, there are differences in legal systems between the two economic areas. An analysis carried out in this way will make it possible not only to answer the question posed above, but also to possibly identify those areas of regulation that need to be changed or adapted to the realities of IoMT.