The technology that science fiction promised us has finally arrived, but accompanying it are new duties, liabilities, and causes of action.  Smart homes, or homes interfaced with internet functionality, are growing in popularity.  In a smart home, features like door locks and appliances may be connected to the internet, allowing consumers to remotely control or perform tasks from wherever they can maintain an internet connection.  Many consumers have noticed the promised convenience of smart homes and experts predict a coming business surge.  For instance, in the U.S., some experts predict that the industry’s revenue could reach $141 billion by 2023.  Yet although we may find ourselves on the cusp of new lifestyles and conveniences, consumers and industry would be well-advised to look at a recent opinion that previews the liability issues that will inevitably emerge.

In Doty v. ADT, LLC, No. 20-cv-60972, 2020 U.S. Dist. LEXIS 245373 (S.D. Fla. Dec. 30, 2020), the court granted in part and denied in part a motion to dismiss a consumer’s class action lawsuit initiated by misconduct with her smart home system.  The plaintiff had her home outfitted with smart home technology, including cameras inside and outside of her home and locks that could be controlled through an internet connection.  The trouble began when the technician that installed the system gave himself remote access.  According to the opinion, the employee accessed the plaintiff’s account over 70 times.  He allegedly viewed and downloaded footage from the security cameras inside and outside of her home.

The plaintiff filed a class action lawsuit on behalf of herself and all customers “whose security systems were remotely accessed by an employee or agent” of the defendant “without authorization from the customer”.  The plaintiff alleged several state law causes of action—including breach of contract, negligence, violations of the Texas Deceptive Trade Practices Act, intrusion upon seclusion, intentional infliction of emotional distress, privacy monitoring, and negligent hiring, supervision, and retention—and one federal claim arising under the Computer Fraud and Abuse Act at 18 U.S.C. Section 1030.

Doty has a number of takeaways, but three stood out to us.

First, the court’s reasoning behind its decision to not dismiss the breach of contract claim suggests an implied duty to protect consumers from invasions of their privacy.  Although the plaintiff’s contract contained an express waiver of implied covenants, the court found an implied covenant “to supply a security system reasonably secure from unauthorized access.”  The court agreed with the plaintiff’s argument that “the contract necessarily implie[d] an agreement that the security monitoring services would be secure from intrusion” by the defendant’s employees, opining that, “A contract for a security monitoring service that is itself unsecure is a contract for nothing at all.”  (Internal quotations omitted).

Second, in upholding most of the negligence claims, the court recognized a duty to protect consumers from unauthorized intrusions of their privacy and found that physical injury was not required for a damages award.  Specifically, the court stated the defendant had a duty to “reasonably protect Plaintiff from invasions of privacy through unauthorized access of that system and that Plaintiff may recover damages for mental anguish caused by a breach of that duty, even in the absence of physical damages.”  The court did not discuss what actions would satisfy this duty or the defendant’s business practices, which leaves an area that may be explored on summary judgment.

Third, the court recognized that there was no cause of action for privacy monitoring, but did not completely close the door on injunctive relief.  The plaintiff requested injunctive relief, which included requiring the defendant to “create a fund sufficient to cover the costs of commercial and/or legal services needed to remedy the invasion of privacy that they have suffered”.  The court granted the defendant’s motion to dismiss this claim, finding it was not a viable cause of action, but recognized that “injunctive relief may be an available equitable remedy in the event” the defendant “is held liable” on other claims.

If the experts are correct, smart home technology will only continue to proliferate.  Doty, however, suggests technology will not be the only force to grow.  Liabilities, duties, and causes of action will likely continue to grow as the industry develops.  Doty is a case that we will be watching.