Smart Toys and How they May be Invading our Privacy

While smart toys can be useful educational tools for children, they also present some potential privacy risks and could invade what is traditionally considered a private space. Think about it—the thought of your child’s toy listening in on your family 24/7/365 is disturbing. So how do we balance these risks with the benefits? Smart toys that are made with artificial intelligence (AI) capabilities can collect different forms of data from children. For example, an AI-enabled toy may collect data to enable it to personalize lessons on how fast your child constructs a shape on the device or a doll may know your child’s favorite color or song so that it can “converse” with your child during playtime. While there are regulations to protect children’s privacy and data collected from minors (the Children’s Online Privacy Protection Act (COPPA)) on the internet and through mobile applications by requiring prior express written consent from a parent or guardian, new smart devices hitting the market are not necessarily complying with COPPA according to the Federal Trade Commission (FTC). Whether we like it or not, smart toys and AI capabilities will only continue to grow. AI can in fact be helpful and effective in aiding children’s learning and experiences. However, we may need to examine this trend now (and the legislation related to these smart toys) to stay ahead of some of the big issues that could arise if this space is not adequately regulated and monitored.

 

Kathryn Rattigan is a member of the firm's Business Litigation Group and Data Privacy + Cybersecurity Team. She advises clients on data privacy and security, cybersecurity, and compliance with related state and federal laws. Kathryn also provides legal advice regarding the use of unmanned aerial systems (UAS, or drones) and Federal Aviation Administration (FAA) regulations. She represents clients across all industries, such as insurance, health care, education, energy, and construction.

 

Data Privacy and Cybersecurity Compliance

 

Kathryn helps clients comply with all state and federal regulations related to data privacy and cybersecurity. She counsels clients facing government investigations over alleged non-compliance. She advises clients on the development of privacy and security plans, and how to best handle high-risk data to avoid breaches and cyber intrusions. Kathryn helps clients review, revise, and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA), Telephone Consumer Protection Act (TCPA), the Children's Online Privacy Protection Act (COPPA), Family Educational Rights and Privacy Act (FERPA), and other federal and state laws and regulations. She assists businesses and organizations with measures to protect the security and confidentiality of personal and sensitive information. She provides guidance regarding privacy and data protection in connection with mobile devices, data storage technologies, mobile applications, and location-based services. Kathryn assists with the development of website and mobile app privacy policies and terms and conditions of use. She also advises clients on social media policies and practices, and 'Bring Your Own Device' in the workplace. She is a member of the firm's Financial Services Cyber-Compliance Team.

 

Unmanned Aerial Systems and FAA Compliance

 

Kathryn is a member of the firm’s Drone Compliance Team. As such, she advises clients on all legal issues surrounding the use of commercial drones, including navigation of Federal Aviation Administration regulations, commercial registration requirements, and Part 107 waivers. She reviews and prepares employee and subcontractor agreements for the piloting and use of drones. She advises commercial businesses on insurance options for adequate coverage for drone use. Kathryn is well versed on various local and state laws, regulations, and ordinances which apply to a business’ drone use. She assists clients with privacy and cybersecuri