As parents shop for children’s gifts this holiday season, Attorney General Pam Bondi urges caution when purchasing Internet-connected toys. Before purchasing smart toys, such as dolls that speak with children and smart watches that contain GPS tracking technology, consumers should ensure toys employ adequate security and privacy protections for children.
“When shopping for children’s presents, safety should be the top priority. I urge parents to be cautious of any toy that could collect and share a child’s sensitive information,” said Attorney General Bondi.
Smart toys may collect children’s personal information that can include address, age, location, name, pictures and voices data. Toys that lack adequate security protections may expose a child’s sensitive information, creating a risk of child identity fraud or exploitation. Additionally, without adequate privacy protections, children’s personal information may be sold to third parties for targeted advertising.
As an example, the My Friend Cayla doll uses an unsecured blue-tooth connection that can be accessed by individuals nearby. The product also fails to provide information regarding privacy policies required by federal law. Despite these security and privacy flaws, My Friend Cayla represents that it is kid safe. Although many retailers pulled the dolls from shelves and France and Germany issued warnings regarding this toy, online retailers continue to sell the doll.
There are steps consumers should take before purchasing smart toys this holiday season. Here are some recommendations from the Federal Bureau of Investigation to ensure safe purchases of Internet-connected toys:
- Research for reported security issues using online resources from sites that conduct cyber security research, consumer product reviews and child and consumer advocacy;
- Only connect and use toys in environments with trusted and secured Wi-Fi Internet access;
- Look into the toy’s Internet and device connection security measures. Check if the toy uses authentication when pairing the device with Bluetooth or uses encryption when transmitting data from the toy to the Wi-Fi access point and to the server or cloud;
- Find out if toys can receive firmware or software updates and security patches. If so, ensure the toys are running on the most updated versions and that any available patches are implemented;
- Check where user data is stored—with the company, third party services or both—and whether any publicly available reporting exists on the company’s reputation for cyber security; and
- Carefully read disclosures and privacy policies from company and any third parties.
For more information and tips about cyber safety, please visit SafeFlorida.net.