Technology First Look

Privacy concerns threaten sales of hi-tech doll

Regulators in Germany have already banned My Friend Cayla, and consumer-watchdog groups want the US Federal Trade Commission to follow suit.

My Friend Cayla, a doll that can talk and answer questions via tapping into the Internet, was banned by Germany over privacy concerns.
Genesis
|
Caption

Thanks to a built-in microphone and Bluetooth connection, the My Friend Cayla doll can talk with a child – answer questions, tell stories, and be a "real friend."

The 18-inch tall doll won the Gadget of the Year award at the 2014 London Toy Fair. 

But German regulators see this doll as a threat to child safety. On Friday, the country’s Federal Network Agency banned the device and urged parents to disable it, stating that it was an unacceptable threat to children’s privacy.

Consumer-advocacy groups in the US and Europe filed complaints against Genesis Toys, which manufactures My Friend Cayla, this past December, when the Norwegian Consumer Council analyzed the doll and found that its wireless connection was vulnerable to hacking.

The US complaint, filed with the Federal Trade Commission, claims that the dolls were not only vulnerable to hackers, but allowed corporations to gather data on children and place products – for instance, Disney movies – into their conversations with the toy.

Concerns about children’s online safety are almost as old as the World Wide Web itself, prompting the passage of the Children’s Online Privacy Protection Act (COPPA) in 1998. But the My Friend Cayla controversy could portend greater challenges for privacy advocates, as the Internet spreads beyond PCs and into phones, appliances, and toys.

"With the growing Internet of Things, American consumers face unprecedented levels of surveillance in their most private spaces, and young children are uniquely vulnerable to these invasive practices," said Claire T. Gartland, an employee of the Electronic Privacy Information Center, one of the parties to the FTC Complaint.

"The FTC has an obligation here to step in and safeguard the privacy of young children against toys that spy and companies that exploit their very voices for corporate gain."

As The Christian Science Monitor’s Charlie Wood reported in January, speech-enabled devices like Amazon’s Echo and the iPhone “are more ear than brain, and all the heavy-duty data crunching required for machines to understand human speech is done on far-away Amazon and Apple servers.”

My Friend Cayla works similarly. The doll’s microphone sends a child’s questions to a smartphone application, which searches the internet for answers. As the company advertises:

Cayla can understand and respond to you in real-time about almost anything. Ask her questions about herself, people, places, and things! She's the smartest friend you will ever have!

Cayla also loves to tell stories, play games, share photos from her photo album, and sing too. She is not just a doll... she's a real friend! 

But watchdog groups have reason to suspect that those audio files go further. “The cost of the device is not the ultimate revenue for these companies, Albert Gidari, the director of privacy at the Stanford Center for Internet and Society, told Wood. “Advertising and personal information are what's at the end of the rainbow for them.”

In the case of Cayla, watchdog groups point out that audio files get sent to a database maintained by Genesis Toys’s technology partner, Nuance Communications, which also develops voice-recognition programs for law enforcement and the military. They also argue that Genesis and Nuance have failed to obtain parental consent for this practice, as required by COPPA.

In its online privacy policy, Genesis states that it is “committed to safeguarding your personal information and the personal information of any child under your care.”

But on Friday, German regulators decided that the company’s efforts fell short. In the US, the FTC is currently reviewing the privacy concerns raised by the doll.

But already, watchdog groups on both sides of the Atlantic are gearing up for similar fights to protect children’s privacy from the growing number of microphones and cameras they’re likely to encounter.

Monique Goyens, head of the European Consumer Organization, told Agence France-Presse that "EU product laws need to catch up with digital developments to deal with threats such as hacking, data fraud or spying.”

Meanwhile, Kathryn Montgomery, Professor of Communication at American University, told the Campaign for a Commercial-Free Childhood that “This will be a crucial test of the new FTC under the Trump Administration. Now more than ever, we must ensure that children's needs are high on the policy agenda for the Big Data era."