Practical Techie: Be careful — digital toys may be spying devices

In the high-tech world, security and privacy go hand in hand. If a device stores personal information, privacy depends on the gadget’s ability to keep secrets safe from intruders.
In that sense, some of the playthings we give our kids as Christmas or birthday gifts may be spying on us. So, which toys should we consider safer?
It is not a new dilemma. For example, in 2015, Mattel Toy Company had to withdraw its interactive “Hello Barbie” doll because of privacy concerns about how the dolly recorded children’s voices. Since kids say the darndest things, many parents didn’t appreciate what comments the cutie collected or stored for others to hear.
As gimmicks become more intelligent and interconnected with other devices, parents quickly lose track of where the data stored in toys may end up, posing a privacy threat to a loved one.
There are three types of interactive toys: robotics, wearables, and learning.
Cute toys like Cloud Pets, a stuffed animal, allowed parents and their children to exchange messages remotely, hopefully only between them. Also, toys such as Kidizoom, a smart doll dubbed “My Friend Cayla,” Cognitoys, Talk-to-Me Mikey, and Smart Toy Monkey may all concern some parents, according to a page by Dickson Wright, a Canadian legal adviser.
Even more interactive ones, such as Smartwatch DX, SelfieMic, and Grush, include GPS geolocation devices. Interestingly, these wearables sell as toys that help parents monitor a child’s movements but may pose privacy issues involving data that is legally protected, mainly by the Children’s Online Privacy Protection Act (COPPA) and the Federal Trade Commission (FTC).
How does it go? According to legal experts, the toys contain microphones, voice sensors, cameras, compasses, gyroscopes, radio transmitters, or Bluetooth that connect toys to the Internet. This allows remote servers to collect personal data to power the toy’s functionality, which third parties can later pick up or sell as marketing data.
Lawyers define personal information as anything that could compromise privacy, such as names, addresses, online contacts, screen names or usernames, telephone numbers, and Social Security numbers. Under the COPPA statute, the personal information of a child younger than 13 years should not be collected, used, or disclosed without parental consent.
Fines for violations of any federal privacy act may range from $16,000 to $40,000 per violation. It seems the FTC has not yet fined any connected toy operator as of 2021 because toy manufacturers in the know dodge the situation by limiting many playthings to only collect keypress responses and achievement levels in games.
Biometric recordings or personal identifiers used to operate a toy are very compromising. Collecting audio files with a child’s voice is allowed solely to replace written words, such as to run a search or fulfill a verbal instruction.
But there was a breach of such regulations again in 2015, when a toy manufacturer produced a tablet that connected to the Internet, exposing the personal data of over six million children and four million adults. According to Dickson Wright lawyers, the breach included names, genders, dates of birth, and, worse, photographs.
The fear is always a hack of a connected toy when children record private conversations via Bluetooth or WiFi.
The FTC has a certification program that allows manufacturers to have a seal on their packaging or website if their toy has been reviewed and found to comply with children’s privacy requirements.
Anything connected to the Internet is always a privacy risk, so parents should seek this security label when buying any child an item with digital eyes and ears.
Sometimes buying a too-smart toy may become a dumb idea. A chatty plaything can, in reality, be a nosey snitch.