As we enter the season of holiday shopping, many of the most popular children’s toys on the market are designed to connect to the internet. Toys have come a long way from the familiar teddy bears and dolls of past generations. Although toys that integrate technology are not new—we’re all familiar with pull-string dolls that speak, remote controlled racecars, and other classics—modern toys are increasingly equipped with an array of sensors and other sophisticated features. Toys like Mattel’s Hello Barbie and CogniToys’ Dino rely on sophisticated cloud-based services or artificial intelligence to provide interactivity.
Connected toys are creating new opportunities for interactive play and education, but also creating new challenges.
Toys that can become a child’s closest friend, collect intimate information, and provide advice are raising questions about how to ensure families can make appropriate choices about how data is collected and used. Future of Privacy Forum and Family Online Safety Institute have examined these issues in Kids & The Connected Home: Privacy in the Age of Connected Dolls, Talking Dinosaurs, and Battling Robots, a white paper released today at FOSI’s Annual Conference.
Today’s world of tech-enabled toys is presenting unique challenges. First, advances in computer processing are enabling “smart toys” to interact in ever more sophisticated ways, even going so far as to simulate intelligence. Smart toys may include the use of microphones for speech recognition, cameras for detection of patterns and visual cues, accelerometers, proximity sensors, gyroscopes, compasses, or radio transmitters. In addition, many of today’s toys are designed to connect to the internet, and therefore to remote servers that collect data and power the toy’s intelligence.
The distinction between connected toys and other toys is important: Whether or not a toy is connected to the internet will be a key factor in determining whether or not the Children’s Online Privacy Protection Rule will apply.
More fundamentally, the privacy issues are different for connected toys. Smart toys that do not connect to the internet may raise important questions about child development and learning, but because data is not sent remotely, their privacy and security implications are more limited. Connected toys, in contrast, can connect to internet-based platforms or to other devices to enable data collection, processing, or sharing through a computer server. This key feature is what primarily generates concerns today over privacy and data security and makes them subject to COPPA.
Although COPPA provides a baseline of strong legal protections, FPF and FOSI have identified many ways that companies can go beyond their legal requirements and really build privacy and security into the design of their toys. For example, many connected toys today are purchased in brick-and-mortar retail stores, where COPPA—a law designed for websites—does not require privacy notices.