Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

‘Spy’ Toys Face Complaints From EU, US Watchdogs

EU and US consumer watchdogs announced Tuesday they are filing complaints against a clutch of smart toys that can “spy” on children and their homes, for allegedly breaching privacy and data protection laws.

EU and US consumer watchdogs announced Tuesday they are filing complaints against a clutch of smart toys that can “spy” on children and their homes, for allegedly breaching privacy and data protection laws.

The complaints target smart toys My Friend Cayla, i-QUE Intelligent Robot and Hello Barbie, according to the European Consumer Organisation BEUC and US groups like the Electronic Privacy Information Center (EPIC). Complaints are being filed with French and other European authorities as well as the US Federal Trade Commission.

Internet-connected Cayla and i-QUE, manufactured by Los Angeles-based Genesis Toys, hook up with a user via a phone or tablet while Hello Barbie links to the internet through Wi-Fi, said the consultancy Bouvet on behalf of the Norwegian Consumer Council.

Hello Barbie is not sold in Europe.

“By purpose and design, these toys record and collect the private conversations of young children without any limitations on collection, use, or disclosure of this personal information,” EPIC and other US watchdogs said in their complaint, which they say “concerns toys that spy”.

“The toys subject young children to ongoing surveillance and are deployed in homes across the United States without any meaningful data protection standards,” they said.

“They pose an imminent and immediate threat to the safety and security of children in the United States,” they added.

BEUC, citing the study commissioned by the Norwegian Consumer Council, expressed security concerns.

Advertisement. Scroll to continue reading.

“With simple steps, anyone can take control of the toys through a mobile phone. This makes it possible to talk and listen through the toy without having physical access to the toy,” it added.

It alleged the terms breach the EU Unfair Contract Terms Directive and the EU Data Protection Directive and possibly the Toy Safety Directive.

“Anything the child tells the doll is transferred to the US-based company Nuance Communications, who specialises in speech recognition technologies,” it said.

“The company reserves the right to share this information with other third parties, and to use speech data for a wide variety of purposes,” it said.

“The toys are embedded with pre-programmed phrases, where they endorse different commercial products,” BEUC said.

EPIC and the other US groups like The Campaign for a Commercial Free Childhood urged the trade commission to investigate the collection, use and disclosure of the data.

They called for the body to halt Genesis’ alleged failure to give enough notice of its information practices and stop its retention and use of children’s personal information.

They also asked the commission to halt Genesis’ failure to use “reasonable security measures” for bluetooth connections for Cayla and i-Que.

They urged the body to investigate and prevent US-based Nuance from using children’s speech data to improve products and services sold to military, government and law enforcement agencies. 

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Wendi Whitmore has taken the role of Chief Security Intelligence Officer at Palo Alto Networks.

Phil Venables, former CISO of Google Cloud, has joined Ballistic Ventures as a Venture Partner.

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.