Now, however, some manufacturers may have gone too far – collecting and using data about the children who interact with their toys, according to a new report from the U.S. PIRG Education Fund. Smart Decisions about Smart Toys: High-tech toys can put children at risk builds on the group’s recent investigation of dangerous toys undertaken for the recent 37th annual Trouble in Toyland report.
How far is too far? As an example, the manufacturer of the software that brings the Fuzzible Friends Alexa-connected toy to life states in its privacy policy that it may receive the geolocation and transcripts of a child’s interactions with the toy, contingent on parental consent.
And, get this – if a child happens to say their age while playing with the toy, that information would be included in the transcript the company receives.
“Toys are toys. They shouldn’t be devices companies use to harvest our children's personal information, picture or voice,” said R.J. Cross, director of PIRG Education Fund's Don’t Sell My Data campaign.
“Unnecessary data collection puts our children at risk. Toy manufacturers must take the safety and security of children seriously.”
'We have your data and we’ll have it forever'
Think about this. In the wrong hands, the possibility exists that a 3-year-old toddler’s data could be repurposed over and over again, year after year.
Cross said that toy manufacturers may partner with other tech companies to process and store data, and if they feel they’ve reserved the right to share a child’s data with other parties, they could possibly sell or share that data further, including to third-party marketers.
And with cyber thieves as cunning as they are in breaching a company’s user data pool, the chances a child’s data will be exposed in a breach or a hack grows exponentially. In fact, that’s already happened.
In one instance, when smart toy manufacturer Vtech’s data was breached in 2015, the names, birthdays, genders, and even photos and voice recordings of 6.4 million children were exposed online.
Other risks include unsecured internet connections which can allow a toy to become an eavesdropping device, a microphone that bad actors could potentially use to talk to kids, and toys with companion apps that may include in-app purchases, where kids may run up big bills by accident.
Before you buy your child a 'smart toy,' take these precautions
U.S. PIRG offers a complete guide as to what parents should consider before buying their child a smart toy, but the basics are simple. If a toy has any of the following features, a parent would be wise to reconsider purchasing it unless they also have the ability to set time limits, control privacy, etc.:
Cameras, microphones or sensors
Chat functions
Location sharing
In-app purchases
Programming to accomplish a high level of individual personalization
“Read the fine print,” Cross urges. “Look at the terms & conditions and privacy policies for answers to key questions like what data does the toy gather about my child, what does the manufacturer use it for, and does the manufacturer share my child’s data with other companies?”