Photo
Photo source: myfriendcayla.com

The FBI is warning parents about the risks of internet-connected toys, something consumer groups  have been concerned about for years. The FBI issued an advisory for parents warning that many "connected" toys contain cameras, microphones, and other sensors, including GPS, that can gather information about children.

"These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed," the FBI said.

That's what the Electronic Privacy Information Center (EPIC) said last year when it filed a complaint with the Federal Trade Commission alleging that the "My Friend Cayla" doll violated U.S. privacy law. EPIC's complaint spurred a congressional investigation and toy stores across Europe removed Cayla from their shelves.

The FBI advisory echoes those concerns about children's privacy and safety.

"In some cases, toys with microphones could record and collect conversations within earshot of the device. Information such as the child’s name, school, likes and dislikes, and activities may be disclosed through normal conversation with the toy or in the surrounding environment," it said.

"Consumers should examine toy company user agreement disclosures and privacy practices, and should know where their family’s personal data is sent and stored, including if it’s sent to third-party services," the advisory noted.

Why no action?

In May, Sen. Mark Warner (D-Va.) nudged the Federal Trade Commission, asking whether it had done anything about My Friend Cayla and similar products in response to the EPIC complaint. 

"I worry that protections for children are not keeping pace with consumer and technology trends shaping the market for these products," Warner said in the letter. 

Warner noted that in February 2017, Germany’s equivalent of the FTC pulled “My Friend Cayla” off the market due to concerns over the doll’s surveillance capabilities.

“Recent events have illustrated that in addition to security concerns with the devices themselves, new data-intensive functionalities of these devices necessitate attention to the manner in which vendors transmit and store user data collected by these devices,” Sen. Warner wrote in his letter to Acting FTC Chair Maureen Ohlhausen. 

Warner referred to media reports that CloudPets, a product line manufactured by Spiral Toys and marketed as ‘a message you can hug,’ stored customers’ personal data in an insecure, public-facing online database. CloudPets reportedly exposed over 800,000 customer credentials and more than two million voice recordings sent between parents and children.


Share your Comments