Kids & The Connected Home: Privacy in the Age of
Connected Dolls, Talking Dinosaurs, and Battling Robots
- Connected toys can raise privacy concerns, particularly when they use children’s personal information
- The Children’s Online Privacy Protection Act (COPPA) applies to many connected toys, helping to ensure that parents are in control of their kids’ data
- COPPA does not apply to general connected home devices that serve families
- Leading companies should go beyond legal requirements to build trust in toys that can connect to online services
- The connected toy marketplace is still young, and many toymakers could take additional steps to make their data practices clear and to better secure children’s data
Washington, DC – Today, at the 2016 Family Online Safety Institute (FOSI) Annual Conference, the Future of Privacy Forum (FPF) and FOSI released a white paper, Kids & The Connected Home: Privacy in the Age of Connected Dolls, Talking Dinosaurs, and Battling Robots.
FPF and FOSI understand that connected toys are creating opportunities for interactive play and education, but also creating new privacy and security challenges. Toys that can become a child’s closest friend, play games, and provide advice through the use of sophisticated cloud-based computing and personal information are raising questions about how to ensure families can make appropriate choices about how data is collected and used.
“At FPF, we recognize the benefits that connected home technologies can provide to individuals, families, and kids,” said Jules Polonetsky, FPF’s CEO. “We also know that privacy issues can make or break adoption of connected home tech – particularly questions about whether kids’ privacy and security are sufficiently safeguarded. Children are playing with dolls that listen and talk, interactive animals, and apps that link toys to digital services. As connected toys become more popular, it is important for toymakers to be transparent about their data practices and to mitigate security risks. Federal law provides key safeguards, but more can be done to build trust.”
“The new world of connected toys offers an extraordinary range of opportunities for learning, exploring and just plain fun,” said Stephen Balkam, FOSI’s Founder and CEO. “However, data is the difference between these ‘smart’ toys and traditional ones. Parents need to be aware of how a toy collects, shares, and stores their child’s information. Industry must ensure the safety and security of that data and find innovative and effective ways to inform parents of how their child’s information is being used.”
Kids & The Connected Home describes the current landscape of connected toys, identifying what distinguishes them from conventional toys and other smart toys. The white paper analyzes existing regulations under COPPA that have established important safeguards for information collected from children, and how those regulations apply. Stacey Gray, FPF Policy Counsel, points out that shopping for connected toys often happens in retail stores, where COPPA does not require a privacy disclosure.
The report also provides several leading privacy and security practices that can help companies build trust, such as: 1) Determine when local processing, remote processing, and third-party sharing is appropriate, and mitigate security risks for the selected approach to data processing; 2) Ensure that strong encryption standards prevent the toy from communicating with unauthorized devices or servers; and 3) Do not use passwords that cannot be changed by users, and do not share a single default password between toys.
On July 20, 2016, FPF, FOSI, and Christian Science Monitor Passcode hosted Kids & the Connected Home in Washington, DC. This event featured discussion by a diverse group of industry experts about kids, connected toys and devices, and privacy. In Kids & The Connected Home, FPF & FOSI discuss and expand upon the issues raised at that event, which concerned the emergence of connected toys and their social and legal implications. Throughout, the report addresses key questions that animate the discussion around children and the connected home:
- Connected Toys. Does COPPA apply to connected toys? And does the screen-less nature of many connected toys suggest that an update to COPPA may be required to adequately address privacy concerns?
- Connected Homes. Does COPPA apply to general connected home devices that serve families?
- Parental Controls. Do parents have appropriate controls and information to make well-informed decisions regarding their children’s interactions with the connected home and toys? If not, how can this be addressed?
- Data Security. How do we ensure that connected toys are sufficiently secure?
“Trust is a crucial precondition for widespread adoption of connected toys,” said John Verdi, FPF’s VP of Policy. “Parents must be satisfied that the digital products they invite into their homes will safeguard children’s privacy and keep information secure.”
The Future of Privacy Forum (FPF) is a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. Learn more about FPF by visiting www.fpf.org.
The Family Online Safety Institute (FOSI) is an international, non-profit organization which works to make the online world safer for kids and their families. FOSI convenes leaders in industry, government and the non-profit sectors to collaborate and innovate new solutions and policies in the field of online safety. Through research, resources, events and special projects, FOSI promotes a culture of responsibility online and encourages a sense of digital citizenship for all. Learn more about FOSI by visiting www.fosi.org.