Skip to main content

Safety Tips for Parents Buying Smart and Connected Toys This Holiday Season

Teddy bears once filled with stuffing are now hard-wired with smart technology. Internet-connected toys can be fun but they can also put your family at risk if proper care is not taken when buying and using these devices.

Now, more than ever before, The Children’s Advertising Review Unit (CARU) encounters toys that may collect personal information (e.g. name, email address) from children. Unfortunately, this may be done without parents knowing it’s happening. Much like many offline experiences where parent’s permission is required before collecting or using your child’s information, the online world is the same: parental permission is required! These connected toys aren’t inherently bad; in fact, they can be highly educational and fun as long as parents are well-informed and choose wisely. But if you choose the wrong toy, there can be consequences (check out our issues we had with a recent smart toy here)
Santa checks his list twice and responsible parents should too-- you may be surprised to find that with some toys, privacy is not included. Don’t let your children’s smart toys outsmart you, ‘tis the season for parents to do their Ho-Ho-Homework before bringing a smart toy home.
Here are CARU’s tips to help your family have a safe holiday season with smart toys.

Do Your Research

·       When considering an internet-connected device, research the product before you hit the stores. Most information you need cannot be found on the box. Instead, do an internet search of the product and read online reviews. A simple search may uncover a slew of security issues.

Know the Law

·       The Children’s Online Privacy Protection Act (COPPA) is designed to protect children’s personal information. Toy companies must post privacy policies that describe how personal information is collected from children and how it is handled. The policy should not only describe the toy’s data collection practices but also the practices of other companies they are working with who may also be receiving  personal information through the device as well.

Read the Privacy Policy

·       Curl up by the fire with a good… privacy policy. Yeah, you heard us! You should be able to find the privacy policy online, either in the app store or on the toy’s website. Look for the following:
o   A list of who is collecting personal information
o   What information the device collects and how it’s used
o   How personal information is stored
o   Who has access to data
o   Your parental rights
If you can’t find a privacy policy or the information above, contact the company directly. If you aren’t satisfied with the answer or can’t find one, consider purchasing another toy.

Parental Rights

·       Privacy policies must give parents the chance to review their child’s information, delete it and give them a chance to refuse to allow further collection. Parents also have the right to agree to collection and use of their child’s information, but still not allow disclosure to third parties. Companies also must, if asked, give parents a way to review personal information collected from their child, give a way to revoke consent and refuse further use or collection and delete their child’s information if asked.
·       If a toy collects personal information, COPPA requires that parents are given notice before their children’s information is collected. Operators are also required to get verifiable parental consent before collecting, using or disclosing personal information from a child.

Hope for the Best, Prepare for the Worst

·       Use this as an opportunity to teach your children online responsibility. Educate your children about the importance of safeguarding personal information and the potential dangers lurking online. Encourage them to speak up if a questionable situation occurs.

Use a Secure Connection

·       Only connect toys over secure, password-protected Wi-Fi or VPN (Virtual Private Network). Avoid using public connections, which may easily allow unwanted access to toys if there are security flaws.

Check Please

·       Don’t assume privacy settings are set by default; check the parental controls and don’t forget to password-protect your settings. Be aware of parental controls and safety measures the toy has in place like limiting who your child can communicate with.

Stay Up to Date

·       Find out if the company will contact you if there are any security breaches or software updates to protect a toy’s security. Always install software updates and security patches in a timely manner.

Monitor

·       Have your children use their toys in family areas of the home so you can closely monitor usage. Review any video or audio that is recorded by any device. Don’t be outwitted by your child. Kids are brilliant when it comes to technology but it can be dangerous for them. Remain engaged; be aware of who they are communicating with and what content is being shared. Ever heard the term helicopter parent? Engage.

Major Turnoff

·       Turn off all connected devices when not in use to ensure personal information is not inadvertently collected.

Take Back the Internet

·       If you’re not sure how to do something, there is probably another parent who does—and they may have even made a YouTube video about it! You can learn anything from “How to Turn off iPhone Purchases” to “How to Set Parental Controls”.  Answers to almost all of your questions can be found on the Internet…as well as things you didn’t think to ask!

We’re Not Made of Money

·       Talk to your child about appropriate online spending. If you allow your child to make online purchases, educate them about the responsibility. You may want to consider restricting purchases to prepaid cards to avoid overspending.

Pull the Plug

·       Unplugging is important too. Teach your kids that the addictive buzzing and pinging doesn’t take the place of family time. Continue to encourage real-life socialization as well. Add or subtract time as a reward or punishment for children’s behavior.

·       If you’re worried about kids’ online interactions, use programs and devices built-in features to turn off Internet connectivity, disable digital purchases and restrict interactions to pre-approved friend lists.

Happy Holidays from CARU!

The Children's Advertising Review Unit® (CARU®) was founded in 1974 to promote responsible children's advertising as part of a strategic alliance with the major advertising trade associations and the Council of Better Business Bureaus. CARU is the children's arm of the advertising industry's self-regulation system and evaluates child-directed advertising and promotional material in all media to advance truthfulness, accuracy and consistency with its Self-Regulatory Program for Children's Advertising and relevant laws. In addition, CARU is an FTC-approved COPPA Safe Harbor, which helps companies comply with the Children’s Online Privacy Protection Act (COPPA).

For more information on CARU, please feel free to contact CARU’s Director, Dona Fraser at Djfraser@caru.bbb.org




Popular posts from this blog

CARU Speaks at Community Board in Manhattan

CARU staff attorney Andra Dallas gave a presentation to Community Board 1, serving lower Manhattan on Monday, December 7 th .  Andra spoke to the Board’s Youth Committee about the importance of teaching children about understanding advertising and safe online practices.  District Manager Noah Pfefferblit remarked, “thank you for your informative presentation to our Youth Committee members,” and offered the Board’s assistance if they “can be helpful to the important efforts at the Children's Advertising Review Unit.” Are you interested in having a CARU staff member visit your community board? Contact adallas@caru.bbb.org.

i-Dressup Shuts Down in Wake of Privacy Breach and COPPA Violation

I-Dressup, a fashion-themed social website for teens, has completely shut down as part of a settlement with the New Jersey Department of Consumer Affairs, following a massive privacy breach and violations of the federal Children's Online Privacy Protection Act (COPPA) and New Jersey state law. In September 2016, a hacker sent 2.2 million i-Dressup account credentials to technology blog Arstechnica as well as to haveibeenpwned.com, a searchable online database of data breaches. Responding to the news, New Jersey investigators discovered that 2,519 of the compromised accounts belonged to New Jersey children below age 13. I-Dressup, allegedly aware that it had child users, had violated COPPA by failing to obtain verifiable parental consent prior to collecting and processing personal information from the children, including first and last names and email addresses. In a consent decree with the New Jersey Attorney General Gurbir Gerwal, parent company Unixiz has closed i-Dressup,

Kids Internet Design and Safety Act Seeks to Protect Children from Harmful Online Content

United States Senators, Mr. Richard Blumenthal from Connecticut and Mr. Edward Markey from Massachusetts, introduced a new bill referred to as the Kids Internet Design and Safety Act (the “KIDS Act”). One of the Senator’s introducing the KIDS Act, Mr. Edward Markey, was the co-author of the Children’s Online Privacy Protection Act (“COPPA”). The KIDS Act seeks to include noteworthy advertising rules and create new protections for children online, specifically for online users under the age of 16. The proposed advertising rules within the KIDS Act are to ban websites from: (1) exposing young online users to advertisements “with embedded interactive elements”; (2) recommending any content involving alcohol, nicotine, or tobacco to young online users; and (3) recommending content that includes influencer marketing, like unboxing videos, or host-selling to young online users. Additionally, the KIDS Act seeks to prohibit certain online features to protect children, like prohibiting