Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

‘Spy’ Toys Face Complaints From EU, US Watchdogs

EU and US consumer watchdogs announced Tuesday they are filing complaints against a clutch of smart toys that can “spy” on children and their homes, for allegedly breaching privacy and data protection laws.

EU and US consumer watchdogs announced Tuesday they are filing complaints against a clutch of smart toys that can “spy” on children and their homes, for allegedly breaching privacy and data protection laws.

The complaints target smart toys My Friend Cayla, i-QUE Intelligent Robot and Hello Barbie, according to the European Consumer Organisation BEUC and US groups like the Electronic Privacy Information Center (EPIC). Complaints are being filed with French and other European authorities as well as the US Federal Trade Commission.

Internet-connected Cayla and i-QUE, manufactured by Los Angeles-based Genesis Toys, hook up with a user via a phone or tablet while Hello Barbie links to the internet through Wi-Fi, said the consultancy Bouvet on behalf of the Norwegian Consumer Council.

Hello Barbie is not sold in Europe.

“By purpose and design, these toys record and collect the private conversations of young children without any limitations on collection, use, or disclosure of this personal information,” EPIC and other US watchdogs said in their complaint, which they say “concerns toys that spy”.

“The toys subject young children to ongoing surveillance and are deployed in homes across the United States without any meaningful data protection standards,” they said.

“They pose an imminent and immediate threat to the safety and security of children in the United States,” they added.

BEUC, citing the study commissioned by the Norwegian Consumer Council, expressed security concerns.

Advertisement. Scroll to continue reading.

“With simple steps, anyone can take control of the toys through a mobile phone. This makes it possible to talk and listen through the toy without having physical access to the toy,” it added.

It alleged the terms breach the EU Unfair Contract Terms Directive and the EU Data Protection Directive and possibly the Toy Safety Directive.

“Anything the child tells the doll is transferred to the US-based company Nuance Communications, who specialises in speech recognition technologies,” it said.

“The company reserves the right to share this information with other third parties, and to use speech data for a wide variety of purposes,” it said.

“The toys are embedded with pre-programmed phrases, where they endorse different commercial products,” BEUC said.

EPIC and the other US groups like The Campaign for a Commercial Free Childhood urged the trade commission to investigate the collection, use and disclosure of the data.

They called for the body to halt Genesis’ alleged failure to give enough notice of its information practices and stop its retention and use of children’s personal information.

They also asked the commission to halt Genesis’ failure to use “reasonable security measures” for bluetooth connections for Cayla and i-Que.

They urged the body to investigate and prevent US-based Nuance from using children’s speech data to improve products and services sold to military, government and law enforcement agencies. 

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.