Kids & The Connected Home: Privacy in the Age of Connected Dolls, Talking Dinosaurs, and Battling Robots

December 1, 2016

Author: Stacey Gray

Today, at the 2016 Family Online Safety Institute (FOSI) Annual Conference,  the Future of Privacy Forum (FPF) and FOSI released a white paper, Kids & The Connected Home: Privacy in the Age of Connected Dolls, Talking Dinosaurs, and Battling Robots.

FPF and FOSI understand that connected toys are creating opportunities for interactive play and education, but also creating new privacy and security challenges. Toys that can become a child’s closest friend, play games, and provide advice through the use of sophisticated cloud-based computing and personal information are raising questions about how to ensure families can make appropriate choices about how data is collected and used.

“At FPF, we recognize the benefits that connected home technologies can provide to individuals, families, and kids,” said Jules Polonetsky, FPF’s CEO. “We also know that privacy issues can make or break adoption of connected home tech – particularly questions about whether kids’ privacy and security are sufficiently safeguarded. Children are playing with dolls that listen and talk, interactive animals, and apps that link toys to digital services. As connected toys become more popular, it is important for toymakers to be transparent about their data practices and to mitigate security risks.  Federal law provides key safeguards, but more can be done to build trust.”

“The new world of connected toys offers an extraordinary range of opportunities for learning, exploring and just plain fun,” said Stephen Balkam, FOSI’s Founder and CEO. “However, data is the difference between these ‘smart’ toys and traditional ones. Parents need to be aware of how a toy collects, shares, and stores their child’s information. Industry must ensure the safety and security of that data and find innovative and effective ways to inform parents of how their child’s information is being used.”

Kids & The Connected Home describes the current landscape of connected toys, identifying what distinguishes them from conventional toys and other smart toys. The white paper analyzes existing regulations under COPPA that have established important safeguards for information collected from children, and how those regulations apply. Stacey Gray, FPF Policy Counsel, points out that shopping for connected toys often happens in retail stores, where COPPA does not require a privacy disclosure.

pii

“Parents should be able to understand at the point of sale—before bringing it home to their child—whether or not they will later be asked to consent to the toy’s collection of their child’s personal information,” Stacey said. “A full privacy policy on the box is not likely to be helpful, but some sort of cue will help parents decide before purchasing whether they are comfortable with the toy or whether they would like to do more research.” As a prime example, Kids & The Connected Homecites a packaging label notice on Fischer-Price’s connected toy, Smart Toy.

The report also provides several leading privacy and security practices that can help companies build trust, such as: 1) Determine when local processing, remote processing, and third-party sharing is appropriate, and mitigate security risks for the selected approach to data processing; 2) Ensure that strong encryption standards prevent the toy from communicating with unauthorized devices or servers; and 3) Do not use passwords that cannot be changed by users, and do not share a single default password between toys.

On July 20, 2016, FPF, FOSI, and Christian Science Monitor Passcode hosted Kids & the Connected Home in Washington, DC. This event featured discussion by a diverse group of industry experts about kids, connected toys and devices, and privacy. In Kids & The Connected Home, FPF & FOSI discuss and expand upon the issues raised at that event, which concerned the emergence of connected toys and their social and legal implications. Throughout, the report addresses key questions that animate the discussion around children and the connected home:

  • Connected Toys. Does COPPA apply to connected toys? And does the screen-less nature of many connected toys suggest that an update to COPPA may be required to adequately address privacy concerns?
  • Connected Homes. Does COPPA apply to general connected home devices that serve families?
  • Parental Controls. Do parents have appropriate controls and information to make well-informed decisions regarding their children’s interactions with the connected home and toys? If not, how can this be addressed?
  • Data Security. How do we ensure that connected toys are sufficiently secure?

“Trust is a crucial precondition for widespread adoption of connected toys,” said John Verdi, FPF’s VP of Policy. “Parents must be satisfied that the digital products they invite into their homes will safeguard children’s privacy and keep information secure.”

Cross-posted with the Future of Privacy Forum website.