This week Emily McReynolds will be speaking at the Future of Privacy Forum event Kids & the Connected Home. One of the Tech Policy Lab’s current projects focuses on the privacy and security implications of connected toys, Toys That Listen. Follow the discussion on Twitter at #InternetofToys.
Hello Barbie, Amazon Echo, and the home robot Jibo are part of a new wave of connected toys and gadgets for the home that listen. Different than the smartphone, these devices are always on, blending into the background until needed by the adult or child user. We do not yet know all the information our new toys are collecting, storing, or disclosing. With an intended audience of designers and regulators, this project brings an interdisciplinary group of experts together to build a set of consumer protection best practices for design and user control of connected devices in the home.
The potential benefits of household intelligent devices may be real–these technologies claim to increase convenience, cleanliness, and even improve health. In the lab setting, at-home robots have been tested to help individuals with dementia or rehabilitation. But just as the benefits may be game-changing and exciting, the threats of harm will be novel and non-trivial. Attacks on consumer privacy via the Internet are pervasive, and these issues increase where devices record information from inside the home.
Our goal is to preempt privacy problems before they occur. Consumer privacy protection laws have often been reactionary–drafted or amended after privacy was breached and individuals harmed. The Video Privacy Protection Act, for example, was the result of lessons on the dangers of the distribution of an individual’s video rental history. The recent Netflix settlement under the same Act shows that these issues are alive and well today. The Children’s Online Privacy Protection Act (COPPA) responds to fears adults have about children being online and the new internet-connected toys raise these fears. While legislation like California’s Online Privacy Protection Act has been found to extend from the initial web page privacy policy requirement to apps on devices, the delivery of privacy notices on toys such as Hello Barbie is more difficult to design. With household devices having the ability to collect increasingly detailed information about what we watch, listen to, talk about, or purchase from the comfort of home, now is the time to identify and implement best practices.