Privacy advocates in both the United States and Europe are urging regulators to take a hard look at the privacy ramifications of internet-connected toys, which are often conventional toys augmented by companion mobile applications.
EPIC alleges that the two firms violate the FTC’s COPPA Rule by failing to obtain verified parental consent prior to the collection of data from children using the doll and the app, and that the dolls violate the FTC’s more general prohibition on unfair or deceptive practices by failing to implement security measures sufficient to ensure that each doll is paired only with an authorized device.
The same dolls were banned in Germany in February by the Federal Agency for Electricity, Gas, Telecommunications, Post and Railway (the Bundesnetzagentur), following complaints from privacy advocates. German officials pointed to “particular danger in toys being used as surveillance devices” in justifying the ban.
As we have written, voice-activated devices present diverse questions about privacy and fairness, often at a pace that is faster than applicable rules or guidance. Though children’s devices present special concerns because of the COPPA Rule, any firm wanting to bring to market a product relying on voice-recognition or voice-activation would be well-advised to ensure its consumer disclosures and privacy policies are air-tight before doing so.