Do internet-connected toys threaten your child's privacy?

Heather Parry

By Heather Parry

11 May 2017

As anyone with young children knows, an increasing number of kids’ toys these days come with internet connectivity built-in.

With toys like Hello Barbie, CogniToys Dino and Amazon Echo gaining popularity, it’s becoming the norm to have toys or systems that “listen” in your home. These devices are always on and always connected to the net, ready for when they need to be used—and when played with, they record the voices of the children and save these recordings, in order to “learn” for next time and become “smarter”.

A new study funded by the Consumer Privacy Rights Fund at the Foundation for Communities and the Environment and by UW’s Tech Policy Lab found that parents are beginning to have real concerns about the impact that such toys may have on their privacy, and on that of their children.

Home devices that “listen” have already caused some alarm amongst privacy advocates. Amazon Echo in particular has already been at the centre of a number of discussions (and court cases). However, many parents don’t realise the extent to which WiFi-enabled toys and devices intrude on their family’s privacy—and when they do, the study claims that they find it concerning.

But are they right to be worried?

Some toys, such as the ones cited above (and in the study), are considered, within the industry, to be good examples of devices that preserve privacy for the children who play with them. Strong encryption practices have been employed in some cases, as an attempt to protect the data and recordings of the families who use the toys.

However, it’s often the case that the child is unaware that they are being recorded, and parents may also compound the issue by sharing the device’s recording of their child on social media.

Outside of the examples given in the study, too, there is real cause for concern.

The Federal Trade Commission (FTC) recently announced that it was investigating two particular toys over privacy and security complaints: My Friend Cayla and i-Que Robot. The My Friend Cayla doll has already been banned from sale in Germany due to concerns that the personal data of its users were vulnerable and could be stolen.

There’s also a precedent for attacks on children’s toys. Two years ago hackers attacked toymaker Vtech, exposing the personal data of 6 million children and 5 million adults.

So how can you protect your privacy with net-connected toys around?

The study contains a list of recommendations for toy manufacturers to impose limits on the amount of time a recording will be stored for, allow parents to manually delete the conversations, and to ensure that the child understands that their voice is being recorded.

However, until these recommendations are acted upon, parents will need to be vigilant about understanding and monitoring how these toys affect their family. If there are parental controls on your child’s device, learn how to use them and increase the privacy as much as possible. You can also refrain from sharing recordings of your child on social media, and write to the toy manufacturers requesting information about where and for how long any recordings are stored.

Of course, if you have real concerns about how these “smart” toys might impact your family’s privacy, there is one simply solution: Don’t have them in your home.

About Us

SurfEasy is a VPN tool that protects your online privacy and unblocks the internet. Use it on your Mac, PC, iPhone, iPad or Android.

Learn More