Passcode, the Family Online Safety Institute (FOSI) and the Future of Privacy Forum recently hosted a discussion on kids, connected toys and devices and privacy. The growing prevalence and popularity of internet-connected toys like Furby, Dino and Hello Barbie, home gadgets like the Amazon Echo and Mother and the widespread use of apps, like Pokémon Go, have intensified the debate over the privacy implications of kids connecting to technology.
These tools can provide exciting opportunities for interactive learning and entertainment, but it is important for parents to be aware of how their children’s information is collected, managed and used by their apps and toys. The event featured panel discussions with privacy experts to examine the security and privacy concerns associated with this growing “internet of toys.”
David Grant, director of content strategy for the Christian Science Monitor’s Passcode, and Jules Polonetsky, CEO of the Future of Privacy Forum, delivered introductory remarks and discussed some of the questions surrounding the Children’s Online Privacy Protection Rule (COPPA) as it relates to connected toys.
FOSI Founder and CEO Stephen Balkam then interviewed Julie Brill, partner and co-head of the Privacy & Cybersecurity Practice at Hogan Lovells, about the changing landscape of connected toys and home devices. “The internet is going to disappear – we’ll still be connecting, but we’ll be connecting to everything, everywhere, all the time,” said Brill. “We need to think deeply about the various privacy and security concerns.”
As the ways in which we connect to technology – and the user interface as it is typically considered – change, Brill emphasized that the issues and questions we ask will change as well, with a new key question being “how will we get user permission and obtain consent for collecting user information?” Brill and Balkam discussed the fact that, while the growth in connected toy technology and the popularity of these devices as well as games, like Pokémon Go, have many benefits and offer new opportunities for learning, they also present new privacy concerns for parents. For example, connected toys that record children’s voices or other “ambient data” could raise issues when used by children who do not own the devices (and therefore, whose parents did not consent to their kids using them and revealing their personal information). “We need to worry about the privacy and security concerns, and that’s something that the companies will have to ensure they’re dealing with and that regulators will have to deal with,” said Brill.
Following Brill and Balkam’s conversation, Passcode Editor Michael Farrell led a panel discussion with Donald Coolidge, CEO of Elemental Path; Emily McReynolds, program director of the University of Washington’s Tech Policy Lab; Dona Fraser, vice president of the ESRB Privacy Certified program; and Joshua Corman, director of the Atlantic Council’s Cyber Statecraft Initiative. The panelists continued the discussion on the concerns associated with kids’ increasing use of connected devices and talked about what companies should consider when creating these toys and home devices. “Companies want to do the right thing but whether companies know what the right thing is, is the question,” said Fraser. “The goal is to mitigate risk but not burden down the user experience.” The panelists suggested that companies build security and privacy into the design of their products and think of new, effective ways to communicate what they do with user data. For example, Fraser mentioned sharing privacy practices in storefronts where connected toys are sold. Coolidge and McReynolds emphasized that companies should minimize the amount of personal information their products collect, and McReynolds mentioned that the future could include a “connected point in the home” – a central point to which all devices would connect and from which all privacy preferences could be managed. The panelists also discussed the importance of being diligent regarding the third-party vendors companies use.
The event concluded with panelists and speakers giving their key advice and takeaways. “There’s a great opportunity for consumers to inform themselves,” McReynolds said in reference to popular services and apps like Pokémon Go. “When you have one of these new, exciting toys, a parent should take the time to figure out what’s going on.” Balkam highlighted “three Ps” to help shape the discussion: policy, practices and parenting. Polonetsky also discussed questions and issues that companies and policymakers should keep in mind, such as how shared smart home devices should treat children’s information relative to adults’ information.
Attendees were also invited to interact with connected toys and home gadgets and ask questions of the panelists leading up to and following the event. Polonetsky closed the event by encouraging attendees and others to read the Future of Privacy Forum’s new whitepaper on connected toys and home devices, “Always On: Privacy Implications of Microphone-Enabled Devices.“ You can read more and download the whitepaper here.