It has been said that in the future, every company will be a technology company. Already, everyday items from toasters to washing machines communicate through the Internet of Things. However, as companies transition from providing traditional physical goods into the realm of connected technologies, this opens up a whole new realm of legal and regulatory issues.
One striking example is the recent story calling for privacy probes into two seemingly innocent children’s toys, the Cayla doll and the i-Que robot. These toys use speech recognition software to interact and have conversations with children. However, consumer groups in the US and Norway have filed complaints against these toys.
The allegations are numerous - unauthorised surveillance, failure to obtain proper parental consent to processing of minors' personal data, complicated terms of service that can be unilaterally updated at any time, improper product placements and targeted marketing (the Cayla doll is programmed to say that her favourite song is "Let It Go" from Frozen and she wants to visit Disneyland) to name a few. It has also been alleged that hackers can take control of the toy and listen to what is being said. It is notable that these complaints aren't limited to one particular regulation or area of law - they span across data privacy, cyber security, consumer protection and even human rights. This highlights the regulatory minefield that companies looking to develop connected technologies must navigate.
According to the US complaint, the doll prompts children to provide personal data verbally - including their parents' names, the name of their school and the place where they live