Smart and internet-connected toys are growing in popularity. These high-tech can gather a lot of data about children during play. You want to do your homework before buying a smart toy for your child, and that includes looking at the toy’s fine print for answers to key questions. We’ll walk through good questions to ask below.
Before we begin, it’s worth saying that reading terms & conditions and privacy policies is hard. They’re full of legal lingo and can hide important information. It’s very normal to feel confused when looking at these documents. We’re here to help.
Businesses are legally required to post both terms & conditions and privacy policies, but that doesn’t mean they’re easy to find. If you can’t find these documents, it’s better to move on and find a different toy made by a different company that’s more transparent.
What to look for in the fine print
Once you’ve found the documents, it’s important to try and find answers to key questions.
Suggested search terms for scanning the fine print: child, minor.
If the toy has a microphone or camera, is it recording your child’s interactions with it? Are those communications transferred anywhere? To whom, and for what purpose?
This data can be sensitive and even dangerous if it falls into the wrong hands.
Suggested search terms: camera, microphone, voice, photo, recording, transcript, video.
Is the toy collecting any other information about your child?
You want to be pretty careful with toys that gather your child’s location in particular.
Suggested search terms: location, geolocation.
Is your child’s data being shared with other companies?
Manufacturers may sell, share or transfer your child’s data to other parties, and if they do, you want to see a list of names. Privacy policies may just say “we share your information with service providers” or “third parties” or “business partners” and then give you no clue about who those entities are. The best toy manufacturers will follow any of these phrases up with specific names of who, exactly, is getting your child’s data.
If other companies are named, you’ll want to find their privacy policies, too, and look for the answers to the same questions we’re walking through now.
Suggested search terms: data, personal information, transfer, share, sell, third party, third parties, service provider, partner, business.
Does the company retain the right to share your child’s data with advertisers?
Suggested search terms: advertiser, advertising, marketing.
Can you request a record of your child’s data so you can see what the company has on file? And can you request your child’s data be deleted?
You want to have control over your kid’s information. You want to be able to delete data if, for example, you have reason to believe your child overshared some sensitive information. You’ll also want to delete data once your child outgrows a toy, so you can make sure the company isn’t holding onto information unnecessarily, which can put your kid at risk during a data breach even months or years down the line.
Suggested search terms: delete, deletion, parental access, personal information rights, your rights.
If there’s a data breach, will you be notified?
You want a company that commits to transparent communication if there’s a possibility your child’s data has been compromised in any way.
Suggested search terms: security, breach, hack, notify, communication.
This can be a red flag if they can make big changes without alerting you, especially if those changes include the types of data they collect and who they share it with.
Suggested search terms: change, revision, revised, edited, notify.
Unfortunately, it’s possible after hunting down all the documents and reading the fine print that you won’t be able to find the answers to all of these questions. These documents can leave out important information, like a full list of companies the manufacturer may share your child’s data with. If this is the case, it’s safer to find a different toy made by a company that takes the security of your child more seriously.
Smart Decisions about Smart Toys
Director, Don't Sell My Data Campaign, U.S. PIRG Education Fund; Policy Analyst, Frontier Group
R.J. focuses on data privacy issues and the commercialization of personal data in the digital age. Her work ranges from consumer harms like scams and data breaches, to manipulative targeted advertising, to keeping kids safe online. In her work at Frontier Group, she has authored research reports on government transparency, predatory auto lending and consumer debt. Her work has appeared in WIRED magazine, CBS Mornings and USA Today, among other outlets. When she’s not protecting the public interest, she is an avid reader, fiction writer and birder.