Connected Toys and Privacy .. What Good Digital Parents Should Know

September 28, 2015

Toy manufacturers have always embraced new technology in their bid to attract the attention of children. Thomas Edison invented the first “talking doll” in 1888, and since then there have been many new toys that were considered “scary” when they were introduced, including video game consoles, dolls with the ability to move, interactive toys like the Furby, and the attention hungry Tamagotchi digital pets.

As our culture has become ever more “wired”, it’s not surprising that manufacturers have begun to create toys that connect to the Internet to enhance their interaction with children. Recently Mattel introduced “Hello Barbie”, a version of the venerable Barbie doll that can listen to the child and answer questions – a pint sized version of the Siri or Cortana voice response features on iOS and Windows devices.

Predictably, some parents and press reacted negatively, with questions about how much the devices are listening, what was being done with the data being captured. Reasonable concerns, to be sure.

Mattel is a hallmark brand in the U.S. and one would have to assume that they anticipated this sort of thing, launching such a toy in the age of the NSA revelations and daily credit card privacy breaches. Toy Talk, the company providing the technology that drives the toy is very forthcoming in their privacy policy about what is captured and how it is processed. The company further clarified their policy after the initial media storm.

These toys actually work by capturing your child’s voice asking a question, then sending that digital audio to a speech analysis server that does its best to figure out what your child said, and then passes the question to a different server which chooses the response and tells the doll to voice the response. Unlike your smartphone, the dolls don’t have a GPS sensor so it would be very difficult for a fraudster who was able to break into the system to determine exactly who and where your child is.

I don’t think connected toys from reputable brands represent any greater risk to you or your child’s privacy than any typical smartphone or online game. These brands cannot afford the potential damage to their image if their toys were found to be doing anything that would violate consumer trust.

That being said, there are risks. Like any wireless device, It’s possible that hackers could break its security, as they did with wireless baby monitors. If your child told a compromised doll your address, it would then be exposed. There’s no assurance that cheaper ‘knock off’ manufacturers won’t cut corners and deliver a products with security holes.

Connected toys are a tiny part of the new computer paradigm called the “Internet of Things”, which includes popular products like the FitBit, the Amazon Echo, and the Nest home automation products. Because it chiefly involves connected sensors and data, the IoT market is working diligently to solve the issues of privacy and security for consumer facing products.

In January 2015, the FTC’s Chairwoman Edith Ramirez put the industry on notice that they must do better at protecting consumer privacy or face government regulation. The industry appears to be working hard toward that goal. The leading toy manufacturers are certainly going to participate in that effort, perhaps even in a leadership role, because of their connection to children.

In summary, connected toys offer children a wonderfully interactive experience and they should not be avoided simply on concerns about privacy. Good digital parents should research the products before buying by checking privacy policies and of course by using the web to see if there are known privacy hacks or breaches before bringing them into the home.

Image courtesy of Flickr.

Written by

Roy Smith

Roy Smith is founder and CEO of AgeCheq, a company that innovates within the intersection of privacy and mobile devices, providing the mobile app industry with solutions for transparency and compliance.