` Technology and Teddybears - Clarip Privacy Blog

Technology and Teddybears


Technology can be a great tool for parents to keep their children entertained and engaged for hours. Most parents use the “digital nanny” in the form of an ipad, iphone, or android device. It is easily accessible and it makes sure that the child sits still, when needed most – especially while grocery shopping, getting haircuts, cooking dinner, or running other errands. However most parents would agree that too much screen time is not healthy for children. Furthermore, American Academy of Pediatrics recommends limiting screen time to one hour per day for children ages 2 to 5 years. This is where toy manufacturers are stepping in offering internet connected toys that can interact with children. Some Internet of Things (IoT) toys record a child’s interaction with the toy and then play it back making it highly engaging.

Internet connected toys have the potential of being a great alternative to screen time, however more steps need to be taken to make sure that the sensitive personal information shared by the families is secured and hacker proof. On February 27th Motherboard reported that Spiral Toys – a company selling CloudPets (internet connected teddybears), did not have adequate database protections in place and left some “800,000 customer credentials, as well as two million message recordings, totally exposed online for anyone to see and listen.” The CloudPet teddybear records the message which then is uploaded to the cloud via the app and can be listened by the recipient. Messages can also be recorded on the app and played back by the teddybear. The idea behind the toy is admirable, but the execution raises flags and it is a wake up call not only for the parents, but also for the companies as well. While handling personal and sensitive consumer data, proper protocols and techniques have to be implemented in order to avoid damaging data breaches.

This is not the first time that such vulnerabilities among internet connected toys is being identified. Mattel’s interactive “Hello Barbie” doll can have a conversation with a child and that data then is sent back to Mattel corporation. Researchers discovered that this doll could potentially become a spying device when accessed by hackers. Toy maker Genesis Toys, which uses voice recognition technology in its toys My Friend Cayla and the i-Que Intelligence Robot, is under fire by various watchdog organizations for privacy violations. According to Buzzfeed, in order “to use the doll, a child must first answer several questions, including their name, their parents’ names, their school, their hometown, and their physical location.” Once the toy is synced with the app, that data and the conversations go to Genesis via bluetooth and is further passed on to the voice recognition software company Nuance Communications. The watchdog organizations point out that such data collection and sharing is done without parental consent which violates the Children’s Online Privacy Protection Act (COPPA) of 1998. The act requires websites to get parental permission before making any use of data provided by children younger than 13.

It is hard not to think about the harmful implications of internet connected toys acting as spies in peoples homes. Toys that record child’s conversations are susceptible to hacking. The safety and security of sensitive personal data sent to servers of private corporations depend on the integrity of the companies selling them. Even though internet connected toys might look like a great alternative to the screen time for children, the industry is still in its infancy and therefore it is up to parents to protect their children and their own sensitive personal information.

The pixel
Show Buttons
Hide Buttons