Recent technology has made children more susceptible to data breaches. What are the repercussions?
By: Adhiti (Tia) Reddy
Imagine a five-year-old playing with a toy in the comfort of the four cozy walls of her “safe” home, but embedded in the toys are devices that could lead to information breaches and compromising of their data. In 2017, the FBI issued a warning about internet-connected toys “spying” on children. Smart toys and devices we use today often have WiFi, microphones, cameras, facial recognition, and integration with AI programs. Horrifically, these toys prevent creativity and development, eavesdrop an average of nineteen times a day, communicate with children, record transcripts of the child’s interactions, include downloadable inappropriate content, and carry out targeted advertising. An astounding nine of every eleven smart toys are vulnerable to breach according to a 2018 IEEE IoT article. To prevent the continuation of this trend, understanding how data is collected on children and taking decisive action to address the issue is essential.
Children’s Online Privacy Protection Act (COPPA), enforced in 2000 by the FTC to greater control what information was collected from devices under the Internet of Things (IoT), was extended to include smart toys in 2017. COPPA requires companies to obtain parental consent before collecting data, but this is not sufficient. Companies abide by the rules and policies with long, difficult-to-understand privacy agreements with default settings that are only favorable to profit the companies—at the expense of the child’s privacy. Even if the companies break the law, the penalty is small compared to the profits. In 2016, VTech’s fine was $650,000, and its revenue was $1,856.5 million. Fortnite’s 2022 fine for a COPPA violation was $275 million, compared to its $6.2 billion revenue.
Compared to General Data Protection Regulation (GDPR), the EU equivalent of COPPA, the EU and United States hold different priorities regarding the safety of their nations’ children. In 2017, the FTC fined $3 million for a COPPA violation in 2017. In contrast, the EU assures that at least 2% of a company’s revenue is at risk. The GDPR requires that the users (parents) be provided with clear and simple information. In contrast, in the United States, parents get a false sense of security that the FTC and policies adequately protect their children’s data through laws like COPPA and hit “ Agree” to having read the impossible-to-read agreements in minuscule print. A 2016 study by the Norwegian Consumer Council found that if an average person were to read every privacy policy they signed in a year, they would have to read more than The New Testament’s worth of fine print. This is absurd, as it displays a lack of transparency in United States-owned companies, especially considering the greater risk on children.
How do we solve this problem? While it is important to accept that technological advances come with intrusions, it is also necessary to draw the line at preserving the innocence, development, and safety of our children. Global privacy laws with stricter data protection for children, higher penalties for companies who fail to abide, more regulations in terms of default settings that must be in favor of a child’s safety than the company’s profits, and simplifying the parental consent privacy forms, are needed in the near future. We must call upon our United States policymakers, parents, and companies to create safe toys for children that do not, in any way, hold risk.
Photo Credit: https://www.thetimes.co.uk/article/smart-toys-spying-on-children-nc03d8xbm
