Dolls and toy trucks and vacuum robots and coffee makers today require more than a power source to work, they need an Internet connection if certain features and functions are to be accessed.
Those Internet-connected toys are part of a multi-billion market (sales of $7.6 billion US in 2020) that is only expected to grow in the next five years or so.
So, children’s safety experts, privacy advocates, non-profit organizations, and government agencies are sharing advice for a safer holiday season with tips to enhance privacy protection for kids.
They’re concerned about what’s been called the Internet of Toys, but of course many connected devices have a more serious role to play: physical devices that collect customer data and share it online are part of the Internet of Things, which includes gadgets like autonomous or semi-autonomous vehicles, personal fitness trackers and health monitors, home security cameras and other appliances, and the digital assistants we carry with us and use everywhere.
Connected toys come with risks, consumers are being warned, including the possibility that hackers could collect sensitive information shared with the toy – such as your child’s name, school, or location. Unsecured cameras or smart speakers with microphones could be used to watch or listen to your child – or to gather information about you, your family, your purchase history, your whereabouts and movements.
Often, such data is gathered without informed consent or appropriate protection.
Of course, it may not be a criminal hacker gathering the data; it may be a third-party tracker. It may be the manufacturer.
Such as the case of the Recolor colouring book, which is not really a book but an app for connected iOS and Android devices.
In a recently settled U.S. court case, the Federal Trade Commission said the app collected personal infor-
mation from users across its third-party advertising networks, and that the companies (one based in Toronto) behind the app failed to provide notice to parents or obtain verifiable parental consent before collecting what was personal information from underage users.
Under U.S. law, the companies behind Recolor have been fined millions of dollars as a result.
Even more concerning to some, smart toys incorporating artificial intelligence (AI) capabilities can collect different forms of data from children – and in different ways. AI-enabled can “learn” from their interaction with a child) and they can “teach” or assist children in educational learning by moving and performing programmable tasks.
Of course, among the most popular connected gadgets are not devices per se, but social media platforms. YouTube, Facebook, TikTok, Oath and more were among those that have been fined hundreds of millions of dollars in total for collecting personal information about children illegally.
Canada’s Office of the Privacy Commissioner of Canada has posted what it calls simple steps to help reduce privacy risks, such as checking how your personal information will be used and shared and turning off Internet-connected devices when you don’t need them.
The latter is theoretically easy enough, but the former – checking a company or product privacy policy – may not be that easy for kids, or adults. Yes, it is important to know what personal information may be collected, by whom, how it will be used, how long it may be stored and so on.
But reading legalistic privacy policies is like reading a foreign language for some people (if you do not speak the language, there may be unpleasant surprises).
Of course, the OPC advises against sharing any identifying information if you can. It recommends using a unique password if you have to set up an account to use a toy and suggests using a pseudonym for your child’s name.
In addition to some technical advice about setting up routers and using passwords the OPC says parents should talk to their kids about privacy and the importance of not sharing too much information.
In its *privacy not included guide, web browser developer Mozilla Foundation has looked at hundreds of privacy policies, and to the extent it can understand them, it has ranked them “Not creepy” to “Super creepy.”
Products services and applications are included on the list, which includes social media portals, smart door bells, fitness trackers, streaming media sticks, remote control cars, digital cameras, ear buds, coffee makers, and more.
Another place with good information about evaluating privacy threats is the Digital Standard, an open, community-based effort to define the industry’s best practices when it comes to privacy, security and other core aspects of connected devices and services.
Likewise,YourThings is a good reference website that rates various connected devices on cyber-security strengths and weaknesses. It too says there is a close relationship between security and privacy; when it comes to personal information stored on a device, your privacy depends on the device’s ability to keep your secrets safe from intruders.
Which in many ways really means your ability to manage your own device.
-30-