October 25, 2020

Volume X, Number 299


October 23, 2020

Subscribe to Latest Legal News and Analysis

France Joins Others, Enforces Against Connected Toys

France’s data protection commissioner joins others in taking action against toymaker Genesis Toys related to its popular internet-connected toys My Friend Cayla and i-Que Robot. Last December, a number of consumer groups filed complaints with regulators in the U.S. and Europe raising privacy and security concerns about the toys. The groups asserted that the toys fail to meet U.S. and E.U. privacy and data protection standards because the toys record and collect the conversations of children without parental consent and without limitations on the collection, use, or disclosure of the information, and because the toys can be easily hacked by third parties.

European regulators responded quickly. Germany’s equivalent of the FTC banned the sale of My Friend Cayla dolls in February, and advised anyone who had purchased the toys to destroy them due to concerns about the doll’s surveillance capabilities. Now, France’s regulator, the CNIL, has issued a public formal notice to Genesis that the toys violate the French Data Protection Act. The CNIL cited a “lack of security” due to a flaw that allows anyone in close proximity to connect any Bluetooth device to the toys, potentially allowing third parties to “listen and record” conversations between the child and the toy or other nearby conversations. CNIL was also concerned about a lack of privacy disclosures. It stated that Genesis failed to properly inform users about how their data would be processed or to tell users that the contents of their conversations would be transferred to a service provider outside the E.U. The CNIL decision indicates that Genesis may be subject to sanctions if it does not improve its security controls and data use notices within two months.

In the U.S., the Children’s Advertising Review Unit relayed its own concerns to the Federal Trade Commission about the My Friend Cayla doll violating the Children’s Online Privacy Protection Act after Genesis failed to respond to CARU’s own initial privacy inquiry in August of this year. While the FTC is still considering the matter, it has already updated its official guidance under COPPA to warn toy makers that internet-connected devices must comply with the Act.

Putting it Into Practice: In the era of the Internet of Things, businesses need to consider privacy and security regulations for connected devices. Regulators have indicated that they expect the same disclosures and security provisions for these new and cutting edge products.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume VII, Number 353



About this Author

Shanna Pearce, Sheppard Mullin, San Diego, litigation, class action, intellectual property, IP, copyrights, false advertising, commercial litigation, lanham act, unfair competition

Ms. Pearce represents businesses in the areas of intellectual property and commercial litigation, from trademark and copyright matters to consumer class actions. She has represented Fortune 500 companies in complex actions involving allegations of copyright violation, breach of contract, fraud, and unfair business practices. She has also defended retailers and financial institutions in class actions alleging violations of statute and federal laws relating to false advertising, unfair competition, pricing practices, and lending disclosures. Ms. Pearce’s litigation...