'Smart toys' like Pokemon Go, Hello Barbie raise fresh privacy concerns


Pokemon Go, Furby and “Hello Barbie” are all fun and games – until it comes to kids’ privacy.

The talking toys of today have replaced the board games of the past, and because these web-enabled devices are connected to the internet with apps and websites, they raise new privacy concerns for educators and parents.

Experts say these toys should fall under the Federal Trade Commission’s regulatory rules just like other educational websites and apps, as well as federal laws like the Children’s Online Privacy Protection Act.

“Soon, all devices will be connected, and the internet will be like electricity,” said Julie Brill, who stepped down as commissioner of the FTC in March after about six years. “So we really need to be thinking right now about the rules of the road for when this occurs.”

Brill spoke at an event Wednesday hosted by the Family Online Safety Institute, the Future of Privacy Forum and the Christian Science Monitor. The conversation inevitably turned to Pokemon Go, the latest game craze that has users searching their surroundings for the beloved characters through augmented reality.

“It’s a completely brilliant concept,” said Brill, who spoke positively about the game and said media reports that the game collects sensitive, personally identifiable information were “overblown.”

But others have raised concerns about what kind of data is being collected while kids play that game and countless others. While kids play with these toys, they – and their parents – may be unaware that their voices are being recorded or their geolocation is visible to others.

The FTC currently hits companies with a fine of $40,000 if they are found to violate privacy regulations, which include failure to obtain parental consent. It’s easy enough for parents to keep tabs on kids who have their permission to play a game – but what about their children’s friends who come over to play?

“We need to be thinking very deeply about the various privacy and data security rules that are going to apply,” Brill said.

Developers can take steps to show they are complying with the rules by setting up a parent dashboard and placing an approved privacy seal – like nutrition facts for food – on their products, said Dona Fraser, vice president of the Entertainment Software Rating Board. Those would be significant steps, she added, because parents often don’t read privacy policies that are several pages long.

“I think companies want to do the right things. The question is, how do they do it?” Fraser said. “We’re encouraging companies to put our seal on the front of their packages and put bullet points on their websites about what they’re collecting.”

One company trying to make inroads where privacy is concerned is CogniToys, a developer that was funded by a Kickstarter campaign. It created Dino, a talking dinosaur powered by IBM Watson. Kids can interact with the smart toy, and the creature answers their questions, makes jokes and tells stories.

But before kids can play, parents must download an app that has a parent dashboard so they can provide their consent. Dino officials have also included an infographic on their website that explains how data is being used.

“COPPA forced us to think about privacy early on, and that helped drive our product development,” said Don Coolidge, one of the toy’s creators, adding that any data collected is anonymized.

Brill said games like Dino and Pokemon Go are beneficial for kids, which could outweigh the privacy concerns.

“When you look at the kids interacting with some of these devices, like Dino, they are completely engaged and learning in a way that they might not otherwise be able to learn,” she said.

Reach the reporter at darlene.aderoju@edscoop.com and follow her on Twitter @buuukky and @edscoop_news.