Following up on a previous letter, Sen. Mark Warner (D-Va.) sent a second missive to the Federal Trade Commission asking about the agency’s efforts to protect children’s privacy with respect to so-called smart toys.
Last July, the lawmaker penned a letter to then-Chair Edith Ramirez, expressing concern about the intersection of children’s toys and the Internet of Things (IoT). “With the increasing prevalence of connectivity and data processing abilities in children’s toys and other household products, consumers must now evaluate and weigh new—and complex—risks to their children’s safety and privacy,” Sen. Warner wrote.
In the interim, specific instances of potential privacy violations with IoT toys have been reported. A consumer group filed a complaint with the FTC asking it to investigate the My Friend Cayla doll and i-Que Intelligent Robot. The group alleged that the products were “spying” on users by recording and collecting conversations with the children who used them.
Referencing this complaint as well as news reports about CloudPets, an IoT line of toys that purportedly stored personal data in an insecure, public-facing online database that exposed over 800,000 customer credentials and more than two million voice recordings sent between parents and children, Sen. Warner said his concerns are “continued and growing.”
“I worry that protections for children are not keeping pace with consumer and technology trends shaping the market for these products,” he wrote to Acting FTC Chair Maureen K. Ohlhausen. “[R]ecent events have illustrated that in addition to security concerns with the devices themselves, new data-intensive functionalities of these devices necessitate attention to the manner in which vendors transmit and store user data collected by these devices.”
Adding to the problem: “Reports of your statements casting these risks as merely speculative—and dismissing consumer harms that don’t pose ‘monetary injury or unwarranted health and safety risks’—only deepen my concerns,” Sen. Warner said.
In addition to asking for a progress report on the My Friend Cayla complaint—as well as a query on whether the FTC has reached out to the company behind CloudPets—the letter questioned whether the agency needs more authority from Congress to effectively enforce the Children’s Online Privacy Protection Act.
“Do COPPA’s data security—including retention and data minimization—standards need to be updated?” the legislator asked. “Are companies ignoring COPPA requirements, or are COPPA requirements not keeping pace with developments in data security and cyber security best practices?”
To read Sen. Warner’s letter, click here.
Why it matters: Sen. Warner shows no signs of changing his focus regarding the potential COPPA violations posed by IoT toys, particularly in light of Acting Chair Ohlhausen’s comments “dismissing consumer harms that don’t pose ‘monetary injury or unwarranted health and safety risks’ as ‘speculative’ and ‘subjective.’” The letter requested a response from the agency within four weeks.