Mobile banking standard ISO 12812
New international standards on mobile banking have been agreed and key consumer protections are promoted thanks to Consumers International's place on the ISO working group.READ MORE
The increasing digital trend in which everyday objects are being connected to the internet is creating new challenges for consumer protection and online security. ‘Connected toys’ typically contain a microphone and speaker, and an app to process the data. While it’s undeniable that these hi-tech gadgets can inject life into playtime, they can often cause huge issues in terms of protecting privacy.
We are working hard to make sure that connected toys are safe and children are not put at risk. So far our campaigning activity around connected toys has focused on two particular products: the ‘i-Que Intelligent Robot' and ‘My Friend Cayla’ doll, manufactured by Genesis Toys.
Analysis by the Norwegian Consumer Council found these popular toys are:
The issue of the toys’ lack of security was raised with the manufacturers of the ‘i-Que Intelligent Robot’ and ‘My Friend Cayla’ doll almost two years ago. The problems have still not been fixed.
The manufacturers are accused of failing to prevent unauthorized Bluetooth devices from connecting to the toys. This means that someone could eavesdrop on conversations, which could in turn increase the threat of predatory stalking and physical danger. Bluetooth normally requires that you be relatively close (within about 33 feet) to share information, but even at that distance, someone at a playground or outside the child’s home could snoop on children using these connected toys.
Not only do the toys capture children’s voices without adequate notice or permission; they send it to a US-based company specialising in voice- and speech-recognition, with few safeguards over how that information is handled.
This video released by the Norwegian Consumer Council explores how these toys operate; claiming that they’re ‘not as innocent as they look’, with no added security to prevent hackers from talking or listening through the dolls.
Manufacturers need to reconsider how they make these kinds of toy, especially those which use cameras and microphones to capture what kids are doing. They’re not the same as a smart speaker or other typical voice-activated device; because they are specifically aimed at children, they should fulfil much more stringent privacy expectations.
Together with the Norwegian Consumer Council and several other members, we’re calling on toy manufacturers to:
Only collect necessary data; using it solely for the purpose of the toy.
Prevent these issues resurfacing by committing to privacy and security by design, with privacy and security-related risk assessments undertaken during the entire design-process; and sufficient privacy and security measures are worked into the product design itself.
Make these toys safer by increasing security features in how devices are paired, to stop unauthorised people from connecting to the toy.
Stop direct marketing to children.