Smart toys like Toniebox, Tiptoi, and Tamagotchi are becoming increasingly popular among children, offering interactive and fun experiences through software and internet access.
However, researchers at the University of Basel in Switzerland have raised concerns about these toys, warning that they might be collecting a lot of personal data about kids without parents realizing it.
The Toniebox, for example, is a favorite among young children because it’s easy to use.
Kids can listen to their favorite stories or music simply by placing a plastic figurine, like Peppa Pig, on the box.
The story starts playing automatically, and children can stop or skip through the story by tilting the box.
While this seems like a great idea, there’s a catch—the Toniebox records every time it’s used, including which figurine is placed on it, when the child stops the playback, and where they rewind or fast-forward. This data is then sent to the toy’s manufacturer.
This toy is just one of twelve smart toys that a team of researchers, led by Professor Isabel Wagner from the University of Basel, studied.
They also looked at other popular toys like the Tiptoi smart pen, the Edurino learning app, and the Tamagotchi virtual pet, as well as lesser-known ones like Moorebot, a robot with a camera and microphone, and Kidibuzz, a child-friendly smartphone.
The researchers focused on how secure these toys are and how well they protect children’s privacy.
They checked whether the data sent by these toys was encrypted (meaning protected from being seen by others) and how easy it was for users to find out what data was being collected.
They also examined whether the toys complied with the European Union’s General Data Protection Regulation (GDPR), which is a law designed to protect people’s privacy.
Unfortunately, the Toniebox and Tiptoi pen did not perform well in terms of security. The Toniebox, in particular, raises privacy concerns because it collects and sends data to the manufacturer, while the Tiptoi pen does not.
Even if the Toniebox is only connected to the internet temporarily to download new content, it can store data locally and transmit it to the manufacturer later.
Companies claim they collect this data to improve their products, but it’s often unclear how this data is used.
Some apps that come with these toys even request unnecessary access to a smartphone’s location or microphone.
For example, a toy that uses ChatGPT was found to be sending what appeared to be audio data, possibly to improve its speech recognition for children’s voices.
The researchers argue that children’s privacy needs to be better protected and suggest that toy manufacturers should place more emphasis on security. They recommend that toys come with a label indicating whether they meet certain security and data protection standards, making it easier for parents to assess the risks.
The researchers warn that constant surveillance of children could have negative effects on their development.
While it may not seem like a big deal right now, it’s important for parents to be aware of these potential risks and choose toys that protect their children’s privacy.