This week for CST373 I continued research into the topic of Toys that use AI. In my research paper for the class I will be addressing the question, whose responsibility is to protect children’s data in toys? In previous posts I had wrote about the security and privacy issues related to this topic. For this post I wanted to explore the user’s responsibility. While searching through articles on this topic I came across a paper written by Patrick Hung, for the International Conference on Cloud Computing and Security, titled A Glance of Child’s Play Privacy in Smart Toys. In the paper Hung defines a smart toy as “ a device consisting of a physical toy component that connects to one or more toy computing services to facilitate gameplay in the Cloud through networking and sensory technologies to enhance the functionality of a traditional toy. A smart toy in this context can be effectively considered an Internet of Things (IoT) with Artificial Intelligence (AI) which can provide Augmented Reality (AR) experiences to users.” This study explores issues related to privacy requirements for smart toys. In the United States smart toys most comply to standards set by the federal trade commission in COPPA the Children’s Online Privacy Protection Act. In this study, the first assumption is that children do not understand the concept of privacy.
The second assumption is that children will disclose as much information to smart toys as they can trust. Hung explains that “Breaches of privacy can result in physical safety of child user, e.g., child predators.” The study points out that the parents/legal guardians of a child strive to ensure their child’s physical and online safety and privacy, but there is no common approach for these parents/guardians to study the information flow between their child and the smart toys they interact with. Many parents lack the technical knowledge to properly secure and track the data collected by smart toys. Acknowledging that parents and children will most likely not possess the technical ability required to secure the toys, this again brings up the questions about whose responsibility it is to protect the data. Currently, smart toy manufactures are not required to disclose how and why there are collecting data, and there is no regulation to prevent them from selling the data to a third party. There have been several major data breaches in the smart toy world exposing the account information, voice-recording, images, and locations of users. As more information is released on the security vulnerabilities inherent in many smart toys and IOT devices, International watchdog groups are filing complaints with groups like the FTC calling for more investigations and the implementation of additional security and privacy standards. In my research paper will be exploring the different sides of this argument looking at manufacturers, governments agencies, and users/parents, and making the case for which group I feel is responsible for protecting children’s data.