Laois-based agency warns parents about Christmas toys being hacked

Amy Doyle

Reporter:

Amy Doyle

Email:

news@leinsterexpress.ie

smartphone

Care urged with smart devices.

Conversations between children and toys like dolls can be hacked and used to create false profiles, according to Ireland's data watchdog which is based in Portarlington.

The Data Protection Commission (DPC) issued the warning about the recording of children's voices on toys, smartphones and other devices on the eve of the Late Late Toy Show

The privacy watchdog said that toys today contain human-like qualities and can often recognise words.

The commission says toys can also connect to phones, tablets or online apps which can record conversations between your child and the toy. It says the voice recordings can be shared with other companies and could result in a profile to be created about your child.   

"Some toys also connect to apps on smartphones or tablets, which might allow for the collection and recording of “conversations” between the doll and the child, or even act as a walkie-talkie," said the commission.

Similarly, with smartwatches, the DPC said many features on the watch can be hacked.

"It has been found that in some cases the communications functions are not secure and can be hacked allowing eavesdropping on conversations, or even direct communication with the child," said the commission.

The commision recently advised parents to keep their child safe and protected from threats and violations of privacy and safety. 

"Parents/guardians should ensure that they are asked for authorisation, that they understand who the data controller is, why the personal data is being collected and how it is secured," it said.

The commission urged parents to be aware of how children use smart toys and devices.

"The Data Protection Commission wish to remind parents and guardian who are thinking of buying their child these gifts for Christmas must take care when selecting one that has a camera or voice recorder, connects to the internet, allows connection using a smartphone or tablet app, or has location tracking," it said.

The DPC has the following tips for parents when purchasing these products.

·         Where the controller has asked for consent or authorisation for processing, are you given the opportunity to consent to each purpose and to control the use of your child’s personal data?

·         Are you asked to authorise the processing of your child’s personal data – their voice or location, for example? Where the controller has asked for consent or authorisation for processing,  is it clear how you can withdraw consent or authorisation for the processing of your child’s data?

·         Has the controller given you information on how to exercise your data protection rights?

·         What kind of “sensors” does the toy/device have – for example, would it record your child’s voice? Can it understand certain words or phrases? Can it take photographs or allow video to be captured?

·         Does it have a GPS or other means to track location?

·         Can the toy/device connect to the internet or use Bluetooth to connect to an app that you install on your smartphone or tablet?

·         If there is an app that you can use with the toy or device, can anyone download and use it or just kids (or parents/guardians) who have the device?

·         Does a button on the toy/device have to be used, or does the toy have to be used in a certain way in order for the app to connect to it?

·         Can you turn the other sensors, network connection, or location tracking on and off, or does the child have to press a button each time in order for them to work?

·         Is it clear to the child and to you when the sensors are working – for example, do the toys or devices light up or make a noise when the sensors are activated?

·         Is it clear on the packaging or manual that comes with the toy/device how the sensors work and what you can do to control them?


For more go to www.dataprotection.ie