Home Fitness Products – Making Sense of the Regulatory Risks Involved
26 July 2021
The home fitness market is booming with revenues estimated to exceed €10 billion in 2021. The global impact of the COVID-19 pandemic has resulted in a huge spike in people opting to exercise in their homes and has given many non-fitness enthusiasts the opportunity to prioritise their health and fitness. Innovative technologies and associated apps such as smart treadmills and spinning bikes that monitor heart rate and smart dumbbells that monitor arm movement have proven very popular fitness tools but come with new legal challenges. We discuss some of the regulatory issues surrounding home fitness products and the technologies they utilise.
Home fitness products cannot be placed on the market if they are not considered ‘safe’ according to EU and Irish product safety rules. Under the General Product Safety Directive (GPSD), for a product to be safe it must not, under normal or reasonably foreseeable conditions of use, present any risk or only the minimum risks compatible with the product’s use, considered to be acceptable and consistent with a high level of protection for the safety and health of persons. Manufacturers should be aware of their potential obligations and liabilities under the product safety legislative framework.
Depending on the product type, this could also extend across product specific Directives such as, for example, Directive 2014/53/EU (Radio Equipment Directive), Directive 2014/35/EU (Low Voltage Directive) and Directive 2014/30/EU (Electromagnetic Compatibility (EMC) Directive).
In this context, it must be noted that the European Commission has put forward its proposal for a new General Product Safety Regulation (GPSR) which would substantially amend and replace the current GPSD. While software is not explicitly included within the definition of a ‘product’ under the new text, the proposed Regulation would expand the aspects for assessing whether a product is safe to include protection against cyber-security risks. In addition, the definition of ‘product’ under the proposed regulation expressly includes reference to items which are interconnected to other items.
Under the GPSD, when determining whether a product is safe, warnings and instructions for its use are considered. The fact that home fitness products are, by their nature, used in the home rather than a designated place of exercise or gym, comes with the risk of unintended users such as children accessing them and injuring themselves.
As such, it is vital that manufacturers include warnings on home fitness products to satisfy their legislative obligations, particularly around who the products are to be used by, where they ought to be used and how. If a manufacturer knows, or has reason to believe, that their home fitness products are being used for purposes other than their intended use, they will still have obligations and duties to users, including appropriate disclaimers and warnings.
Is the product a medical device under the Medical Device Regulation (MDR)?
Critical to any consideration of the regulatory risks posed by home fitness products is whether such products could be medical devices for the purposes of the MDR. Products, including software, which are intended to be used for a variety of ‘specific medical purposes’ including diagnosing, preventing, monitoring, predicting, treating or alleviating a medical condition are captured by the definition of medical device under the MDR. Home fitness products classified as medical devices under the Regulation are subject to strict obligations. These obligations are determined by a risk-assessment of the device, including clinical investigations, conformity assessments by notified bodies, CE marking and post-market surveillance. Placing a product on the EU market that does not meet these requirements can result in regulatory enforcement action, including fines or enforced recall of the product from the market.
The way that a product is presented to potential users (i.e. particular health claims made) can also qualify the product as a medical device under the MDR. As such, manufacturers and developers should carefully scrutinise marketing and promotional material to ensure that any claims made about the product do not create the impression that it is intended to be used for one of the specific medical purposes provided for in the definition of a medical device. Such claims could inadvertently bring the product within the scope of the MDR.
Data Privacy considerations
Home fitness technologies can collect significant amounts of data about their users. As such, GDPR compliance obligations are a vital consideration for manufacturers of these products. Issues to consider include:
Being transparent with users and providing information about the data being collected and generated from their use of the technology, and how that data will be used. This information should be easily accessible to users and easy to understand. Providing sufficient information to users regarding their privacy can be challenging, particularly on small-screen devices. Use of easily accessible online privacy notices and appropriate linking and layering of full privacy policies should be considered by manufacturers of such devices when providing this information.
Understanding whether they are collecting ‘health data’, as defined under the GDPR. As health (or genetic or biometric) data is particularly sensitive, the GDPR designates it as a ‘special category of personal data’ that must be given additional protections. This often means a manufacturer needs to obtain a user’s explicit consent before using it. Answering this question will depend on the picture the data paints about the user’s health. Simple step count data likely won’t qualify as health data but data on step count, diet, heart rate and blood pressure combined might. Manufacturers need to take extra precautions when processing this category of data.
Ensuring appropriate security measures are in place to protect the data and ensuring the technology has been developed in accordance with the GDPR’s rules on privacy-by-design and default. These rules mean that privacy cannot be an ‘add-on’ consideration at the end of the product development process but something that needs to be considered from the outset.
Use of Artificial Intelligence
Many home fitness products also now incorporate AI into their design. The complex characteristics of these technologies are not explicitly dealt with under existing legislation, which presents challenges for product safety. This has prompted the European Commission to publish legislative proposals of which providers, users, importers and distributors of AI should take note. For instance, the European Commission’s GPSR proposal will expand the aspects for assessing whether a product is safe under the GPSD to include the evolving, learning and predictive functionalities of the product.
In addition, a new AI-specific regulation has been proposed by the European Commission. This regulation will introduce strict requirements for AI systems classified as ‘high-risk’ before they can be put on the EU market. This includes adequate risk assessment and mitigation systems, the use of high-quality data sets to minimise risks and discriminatory outcomes, and logging of activity to ensure traceability of results. AI systems classified as limited risk, such as chatbots, will have less onerous transparency obligations, which provide that users must be able to make an informed decision on whether they wish to interact with these types of systems. Lastly, AI systems classified as minimal risk, which pose only minimal or no risk for citizens’ rights or safety (most AI systems according to the European Commission), will not be subject to any new obligations.
Home fitness products present many regulatory challenges and risks for their manufacturers, particularly when innovative new technologies are involved. Manufacturers must ensure that the home fitness products they place on the EU market are safe and accompanied by adequate warnings. Careful consideration should be given as regards the intended use of these products as this could trigger onerous MDR obligations and sanctions for non-compliance could follow. Manufacturers of home fitness products which collect data from their users should be mindful of their GDPR obligations, while those that utilise AI should pay close attention to legislative developments in this space.
The content of this article is provided for information purposes only and does not constitute legal or other advice.