Processing data through connected toys and devices
Connected toys and devices are physical products supported by functionality that connects to the internet. Many of these devices process personal data to provide these functionalities. Examples include:
- interactive dolls or characters that communicate with children;
- voice-activated speakers; or
- smart home devices.
The Children’s code Connected toys and devices standard outlines expectations for developers of connected toys and devices likely to be accessed by children. The links below give examples and information on how online tools impact children’s rights under the UNCRC. We also offer code recommendations on how to positively support and mitigate risks to these rights:
- Article 16: Protection of privacy
- Article 24: Access to health and health services
- Children’s code recommendations on connected toys and devices
Article 16: Protection of privacy
Children have a right to be protected from arbitrary or unlawful interference with their privacy.
Connected toys and devices risk this right where they gather data in private spaces such as a child’s home, without adequate transparency or safeguards (for example speakers in passive listening mode). Connected devices also risk privacy rights where they share data gathered with others in the connected device network, without adequate transparency or safeguards.
Article 24: Access to health and health services
Children have a right to the highest attainable standards of health, and access to health care information and services online.
Connected toys and devices risk this right where fitness trackers and connected health devices recommend personalised negative health behaviours (for example age-inappropriate exercise or diets).
Children’s code recommendations on connected toys and devices:
- Be clear about who is processing children’s personal data at different points of a connected device network, and what their responsibilities are.
- Anticipate that multiple users of different ages may use connected devices. Make sure that the default service you provide is suitable for use by children.
- Provide clear information about your use of personal data at point of purchase, and on set-up, of the connected device.
- Find ways to communicate ‘just in time’ information that explains how you use children’s data - for example using auto-play audio messages for a connected speaker.
- Avoid passive collection of personal data, and make it clear to children or their parent when the device is collecting this data. For example, showing when a connected device is in listening mode.