We shouldn't let high-tech toys make children vulnerable to hackers

[Commentary] VTech, a Hong Kong-based company that sells various tablets, “learning” toys and apps designed for children, experienced one of the largest ever hacks targeting children. Nearly 5 million parent accounts and 6.4 million children’s profiles are believed to have been compromised. What can parents do to protect their children and themselves? The most foolproof method is simply not to buy these types of toys. They generally offer little or no benefit while imposing substantial risks.

If parents want to go ahead anyway, being aware of privacy policies is key. The Hello Barbie privacy policy, for example, requires that parents agree to allow ToyTalk to “use, store, process, convert, transcribe, analyze or review” recordings of their child for a variety of purposes including the vague and open-ended “other research and development and data analysis purposes”. While ToyTalk says it will not use recordings “to contact children or advertise to them”, it is unclear exactly what this means. Because data collection and analysis is not well understood by the public and is constantly evolving, it is both unrealistic and unfair to place the burden of determining the risks on parents. The VTech hack has brought much-needed attention to the significant privacy issues raised by many new children’s toys. Until they are satisfactorily addressed, the best option for parents is to just say no to dubious toys that may risk your child’s privacy.

[Angela Campbell directs the Communications and Technology Law Clinic at Georgetown Law]