Privacy Advocates Continue To Warn That Modern Toys Are A Privacy Mess

A decade or so ago there was a wave of warnings by privacy advocates about how modern toys had become major surveillance devices. Makers of voice recognition toys in particular had a nasty habit, researchers warned, of collecting everything your child says, poorly anonymizing" the data (a meaningless term), then failing to secure that data from attackers.

A decade later and researchers and activists are still busy trying to get consumers to understand that modern toys are a privacy and security mess. Companies continue to over-collect data on children and monetize that data for advertising, allowing the creation of detailed profiles on children. All while not really making that clear in terms of service. And while hiding behind flimsy claims of anonymization."

Year after year, privacy advocates warn that significant reform is needed, and year after year not a whole lot changes when it comes to the warnings or our collective response to them:

It's just one example of a growing trend, according to nonprofit researchers at the U.S. Public Interest Research Group (PIRG). The organization's recent report said smart toys bring new risks, including microphones and cameras, paired with significant data collection.

Having any data collected on a child that isn't strictly necessary is really reckless and unsafe," said RJ Cross, of U.S. PIRG.

And this kind of lax privacy and security standards extends to educational computer learning products. A July 2022 study by Human Rights Watch found that the overwhelming majority" of EdTech products endorsed by 49 governments during the pandemic surveilled or had the capacity to surveil children in ways that risked or infringed on their rights.

Forcing legal accountability for global toymakers is often an uphill climb. You'll occasionally see a company hit with a major lawsuit (as Genesis Toys was in 2017 after it was discovered that its Bluetooth and Wi-Fi enabled toys lacked even rudimentary security, allowing third-party surveillance of kids), but most of these offenders see no meaningful repercussion for lax security and privacy standards.

And again, all of these toy companies (even the ones hit with major lawsuits) hide behind the idea that there's nothing to worry about because kid data is anonymized." But numerous studies keep showing how it's easy to identify an anonymized" individual in a data set like this with just a small smattering of additional data. As more compromised datasets stumble around the Internet, the worse it gets.

COPPA is dated and broken, the U.S. FTC lacks the money or staff to pursue privacy at any meaningful scale, and we still haven't passed even a rudimentary new privacy law for the Internet era. When it comes to everything from your smartphone apps to your kid's Wi-Fi connected Barbie, we've made it abundantly clear that making money was our top priority, and privacy remains a distant afterthought.