Connected toys, online games and children’s data – the story so far

Spin Master Luvabella interactive doll

Our expert panellist John Carr OBE looks at the growing trend of connected toys and online games and growing concerns over protecting children’s personal data on these devices.

The growing trend of connected toys

Increasingly children’s toys are being marketed with internet connectivity built-in as an important feature. Dolls, teddy bears and “Action Heroes” are probably the most common. Games are not exactly “toys” in the way we have traditionally thought of them but practically all of today’s most popular games are downloaded from and played on the internet, either through a dedicated games console or some other device.

The connection to the internet might be made via a cable which hooks into a computer or router, but more likely it will be via an App on a tablet or smartphone using wifi.

What’s the concern with connected toys?

Both connected toys and online games have caused safety concerns but more recently the issue of privacy has come to the fore. So much so, in fact, that Britain’s privacy regulator, the Information Commissioner, makes a specific reference to them in a new set of regulations known as the Age Appropriate Design Code. It is expected to become operative early in the New Year.

Right now we don’t know exactly what the new regulation will say because the Government have yet to give it the final nod, but here is what the Commissioner recommended when they published their draft and asked for comments:
Connected toys and devices raise particular issues because their scope for collecting and processing personal data, via functions such as cameras and microphones, is considerable. They are often used by multiple people of different ages, and by very young children without adult supervision. Delivering transparency via a physical rather than a screen based product can also be a particular challenge.

What is the Commissioner going to recommend to businesses that sell these kinds of things?

If you provide a connected toy or device ensure you include effective tools to enable compliance with this code.
This might seem a bit lame or obvious but many toys do not have a screen attached or built in so it is not always obvious how you can check on or change privacy settings.

These sorts of comments were prompted, among other things, by incidents such as the “My Friend Cayla” doll. Children were “confiding” in their doll, only to learn later that the company concerned was very lax in their security measures. The children’s stories were being recorded and stored on remote servers and these servers were hacked. It hardly bears thinking about.

When this emerged the Dutch Government banned them for sale in Holland, the German Government recommended parents that had bought them to destroy them immediately and in the UK the dolls were withdrawn from the shelves of most reputable toy stores.

The moral of this story? Read what it says on the packaging about what data is collected through the toy and how and where it is stored.

If it hadn’t been for the General Election we would probably now know two things: what the Information Commissioner thinks about the privacy dimension of children’s toys that can connect to the internet and how the Government responds to the regulations.

Recent posts