Kids, Connected Toys and Devices, and Privacy

|

Stuffed animal with Smart Toy notification on box

At FPF, we recognize the benefits that connected home technologies can provide to individuals, families, and kids.  We also know that privacy issues can make or break adoption of connected home tech – particularly questions about whether kids’ privacy and security are sufficiently safeguarded.   Families are using voice controlled devices to search the web, play games, and order products. Kids are playing with dolls that listen and talk, interactive animals, and apps that link toys to digital services.  Parents are using smart home technology to keep their families safe – connected tech can warn of fires or alert parents when a child falls into a backyard pool.

These technologies and many others are generating opportunities for interactive play and education, but also creating new challenges. Toys that can become a child’s closest friend, collect intimate information, and provide advice are raising questions about how to ensure families can make appropriate choices about how data is collected and used.

I think there are 5 key questions we need to answer about kids, connected homes, and privacy.

First: does COPPA apply to connected toys? Yes. Nearly all connected toys connect to online services or interact with apps that do.  This means that they are subject to COPPA protections.

Second: Do connected toys require a legislative update to COPPA because toys often lack screens and keyboards for parents to use to grant parental consent?  No. COPPA requires companies to provide notices and obtain consent from parents when online technologies collect personal data from kids.  Although many connected toys do not have built-in screens, toymakers are able to interact with parents through app-based or web-based interfaces.  And the COPPA rule allows for a range of alternative ways to verify parental permission and gives the FTC leeway to assess new methods as they become technically feasible.

Third: Are general home devices that serve families covered by COPPA? They are not and should not be. General purpose home devices like alarm systems, security cameras, smart TVs and home assistants are not targeted at children and don’t have actual knowledge of personal information about children.  Today, connected devices aren’t able to distinguish between an adult and a child.   This is similar to general purpose websites, search engines and other services that serve families – COPPA was designed to avoid placing its burdens on all users interacting with a service, simply because some children are using it.  The services that can understand speech are relying on speech recognition, not unique voice recognition, as we explain in a recent FPF whitepaper.

Fourth: Do parents have appropriate controls in light of kids’ interactions with the connected home? Sometimes they do, sometime they do not.  Law is a blunt tool, offering binary choices, on or off, legal or illegal.  But, as connected devices are becoming more integrated in our lives, parents must be able to have nuanced options to aid in their decision making.  More sophisticated and more usable design is going to be needed to help us manage the increasing number of options.  Carnegie Mellon’s Norman Sadeh and his team point the way to what is possible, with an app that uses artificial intelligence to learn what a user wants and then makes the hundreds of choices needed to fully configure the privacy options on a typical smartphone.

We will need technology and policy that allows parents to make choices consistent with their goals and values and that recognizes that not every household looks the same.  In some households, the child is the only English speaker, an elderly grandparent is the primary caregiver, no one has a credit card needed for age verification and the service needed is increasingly essential for school, work or play.

Finally: Are all connected home products sufficiently secure? No. Many digital devices have security vulnerabilities, and connected home systems are no different.  Does COPPA’s security requirement provide an adequate incentive for companies to work hard to provide reasonable security? Starting August 1, 2016, the maximum civil penalty for violating COPPA will more than double from $16,000 to $40,000 per violation. A violation is defined as each child an operator collects personal information from in violation of COPPA.  A connected toy directed at children under 13 with only 1000 users would face a potential civil penalty of as much as $40,000,000.  The FTC has super hero powers here – but it will take more than penalties.  Getting home security right requires education of device makers, software providers, home routers, and consumers who end up configuring these items.  Too hard to set up or use, the consumer turns the security off. Too easy, the hacker gets in.  The research needed to ensure useable security must be a priority.

We aren’t just thinking about toys and entertainment when we talk smart home. We are talking about inclusion of people with disabilities, the elderly, the underprivileged.  We are talking safety and education and health.

Some examples:

  • Seal SwimSafe, a wristband alerting parents parents if a user is submerged in the water for too long, if the band has been removed, or if the user is out of range.
  • The Starling is a wearable word counter that helps you maximize your child’s language development. Starling shows how much stimulation your child is getting every day, suggesting activities, story time, and more in order to increase word count and engagement crucial for development. Studies show babies who hear more words talk earlier, process language faster, and end up with larger vocabularies.
  • The Ring, a connected doorbell and home security solution, allow alert deaf or hard of hearing consumers to remotely monitor their door.
  • Evermind  helps with the issues of elderly living alone by alerting relatives when electrical appliances are switched on and off, signaling a possible change in routine which can be concerning.
  • Samsung’s Smart Sense Motion helps people remain connected to their elderly relatives by receiving immediate alerts if they failed to get out of bed, failed to open their medicine cabinet, if a caregiver hasn’t arrived, or other important situations.

And of course people are familiar with the Nest and its money saving, environmental and safety benefits. For people with mobility-related disabilities, smart home technology allows users to control things in the home that can be physically challenging to access such as lights, door locks, or security systems.

It is true that these services are collecting detailed information about our day-to-day activities within our most private places, our homes.  But it is important not to lose sight of the fact that for adults and for kids, many of these smart devices are critical for health and wellness and security and sometimes just for fun.