Connected toys and games require data to work properly, and privacy experts are concerned about how children’s data are being collected, used and safeguarded.
The smart toy industry is growing rapidly. Some estimate the market could be worth more than $18 billion by 2023, but privacy regulation is lagging behind technological innovation. The biggest market for toys is China, and the world’s largest toy retailer is now Amazon.
In 2018, Mozilla discovered that the Dash robot, which is a popular coding toy used in schools, was sharing children’s data with third parties. So was Amazon’s Fire HD Kids’ Edition, although the company has repeatedly said that parents have the ability to view their children’s activity and to delete their data.
In the U.S., the Children’s Online Privacy Protection Act (COPPA) makes it illegal to collect data from children under the age of 13 without first obtaining a parent’s consent, and in 2017 the Federal Trade Commission updated COPPA guidelines to specifically include toy manufacturers. For connected toys, the terms of service are shown during set up, but most people don’t read the fine print. As a result, they are agreeing to data sharing, whether they realize it or not.
The privacy risks posed by connected toys mirror those adults face whenever using phones, smart cameras and speakers, and other connected devices. But our tolerance for data exposure shifts when children are involved. In the U.S., we expect to see heightened privacy concerns ahead of the 2020 holiday season and increased scrutiny by the FTC.
Toy manufacturers could find their products pulled from shelves if their toys are found to be in violation of local guidelines and recommendations.
Amazon, China, Federal Trade Commission, Mozilla, U.S. Public Interest Research Group.