January 15, 2017

January 13, 2017

Subscribe to Latest Legal News and Analysis

January 12, 2017

Subscribe to Latest Legal News and Analysis

U.S. and EU Consumer Groups Ask Global Regulators to Investigate Two Connected Toys

In a coordinated effort, public interest organizations announced on December 6 the submittal of complaints to the Federal Trade Commission (FTC) and European Union and Member State consumer and data privacy authorities to investigate two connected toys, My Friend Cayla and i-Que robot. The groups allege violations of privacy, security and advertising laws. While this is not the first time advocacy groups have sought to prompt regulators to investigate alleged lapses involving connected children's products, this appears to be the first globally-coordinated initiative. 

The FTC petition, filed on December 6, 2016, by the Electronic Privacy Information Center (EPIC), the Campaign for a Commercial Free Childhood (CCFC), the Center for Digital Democracy (CDD), and Consumers Union, alleges violations of the federal Children's Online Privacy Protection Act (COPPA) and other consumer protection laws. Namely, the groups allege that Genesis Toys' My Friend Cayla doll and i-Que Intelligent Robot deliberately "record and collect the private conversations of young children without any limitations on collection, use, or disclosure of this personal information" and without parent's knowledge or consent. The organizations further allege that Genesis stores and sends the voice recordings to its technology partner, Nuance Communications, Inc. (who provides the speech recognition software), and that it is unclear what Nuance does with the data it receives.

In Europe, complaints spearheaded by Forbrukerradet, the Norwegian arm of the European Consumer Organisation BEUC (an umbrella organization for 43 European consumer advocacy groups), were reportedly filed with the European Commission, the International Consumer Protection and Enforcement Network, and national data protection authorities in Norway, France, Sweden, Greece, Belgium, Ireland and the Netherlands. The complaints allege the toys violate the EU Unfair Contract Terms Directive and the EU Data Protection Directive, and possibly the Toy Safety Directive. The consumer groups are also using social media to campaign against the toys.

Genesis and Nuance deny the allegations. Nuance said it had "adhered to our policy with respect to the voice data collected through the toys referred to in the complaint," according to an article in the Wall Street Journal. Nuance denies that it shares voice data collected from individual toys with any of its other customers and says the data collected is used to improve services for the toys and other products.

How Connected Toys Work

Connected toys offer many interactive features to provide a child with a different play experience. My Friend Cayla is an interactive doll that talks and plays games, tells stories, and shares photos when online. It also has an offline feature for storing and playing information. The i-Que Intelligent Robot is an interactive robot that can take part in conversations, tell jokes, spell, pronounce, define 80,000 words from the Merriam-Webster Intermediate Dictionary and access information from the Encyclopedia Britannica stored in the robot's permanent memory. Its software also allows the robot to expand its knowledge base with personal interaction.

Bluetooth and Wi-Fi are common connection techniques for all sorts of connected products, not just toys. Cayla and the i-Que robot are each equipped with a microphone, speakers and speech recognition software, and use Bluetooth technology connected to a smartphone app to connect to the Internet. According to the toys' specifications, children's speech is converted into text. The application then uses the text to search Google, Wikipedia, and Weather Underground in response to the child's inquiry.  

The Legal Framework

In the United States, COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. It requires that companies post their privacy policies, notify parents of their information-collection practices, and get verifiable parental consent, among other steps, before collecting personal data from children.

Currently, EU law does not have a similar children's privacy legal instrument, but a provision of the General Data Privacy Regulation (GDPR), expected to enter into force in 2018, does incorporate obligations related to children's privacy.

The Future of Connected Toys

Connected toys offer innovative play experiences for children, but they have been a lightning rod for complaints about privacy and security. While such complaints often turn out to be unfounded or exaggerated, the coordinated complaints targeting these two products may represent a new strategy between European and U.S. consumer groups who advocate greater restrictions going forward, and raise alarms about "commercialization." 

Parents today are connected, and connected parents want connected toys. Children's privacy should of course be protected with appropriate security and privacy measures suitable to the technology platform and appropriate to foster a safe and fun play experience for that particular toy. In an effort to respond to this growing demand to give children connected play experiences, toy manufacturers are implementing privacy and security impact assessments and legal compliance strategies on top of the extensive safety testing obligations applicable to toys worldwide. In the complex world of IoT, there is much for manufacturers to consider. Thoughtful attention to overall consumer protection obligations is certainly necessary for any connected product manufacturer, and continuing to improve is part and parcel of product innovation. Connected toy manufacturers, however, may also need to consider the possibility that their products will be targets for critics.

© 2017 Keller and Heckman LLP

TRENDING LEGAL ANALYSIS


About this Author

Tracy Marshall, Keller Heckman, regulatory attorney, for-profit company lawyer
Partner

Tracy Marshall joined Keller and Heckman in 2002. She assists clients with a range of business and regulatory matters.

In the business and transactional area, Ms. Marshall advises for-profit and non-profit clients on corporate organization, operations, and governance matters, and assists clients with structuring and negotiating a variety of transactions, including purchase and sale, marketing, outsourcing, and e-commerce agreements.

...

202-434-4234
Sheila Millar, Keller Heckman, advertising lawyer, privacy attorney
Partner

Sheila A. Millar counsels corporate and association clients on advertising, privacy, product safety, and other public policy and regulatory compliance issues.

Ms. Millar advises clients on an array of advertising and marketing issues.  She represents clients in legislative, rulemaking and self-regulatory actions, advises on claims, and assists in developing and evaluating substantiation for claims. She also has extensive experience in privacy, data security and cybersecurity matters.  She helps clients develop website and app privacy policies, data security and access procedures, manage trans-border data flows, respond to data breaches and create training programs. She assists clients on digital media issues, helping them develop social media, blogging and user-generated content policies, and to understand advertising technology and online behavioral advertising issues.  Ms. Millar also works with clients to navigate the array of federal and state requirements governing contests and sweepstakes, and advises on gift cards, coupons and rebates.  She represents clients on advertising and privacy matters before the Federal Trade Commission (FTC), the Children’s Advertising Review Unit (CARU), the National Advertising Division (NAD), as well as in connection with investigations by state regulatory bodies and Attorneys General.

202-434-4646
Nathan Cardon, Keller Heckman, product safety attorney, labor lawyer
Associate

Nathan Cardon joined Keller and Heckman in 2013.  Mr. Cardon practices in the areas of product safety, privacy, and advertising.

In his product safety practice, Mr. Cardon counsels clients on risk management and product safety strategies, as well as on compliance with Consumer Product Safety Commission (CPSC) requirements, including new requirements under the Consumer Product Safety Improvement Act of 2008 (CPSIA). 

In the privacy and advertising practice, Mr. Cardon is involved in a wide variety of privacy, data...

202-434-4254