News Stream Books Videos Web Conferences Subscriptions Advertise About IAPP Publications
Daily Dashboard Daily Dashboard

The day’s top stories from around the world

 AI Governance Dashboard – New AI Governance Dashboard – New

Stay on top of the latest AI governance news and developments of the profession.

 The Privacy Advisor The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

 Privacy Perspectives Privacy Perspectives

Where the real conversations in privacy happen

 Privacy Tech Privacy Tech

Exploring the technology of privacy

 Canada Dashboard Digest Canada Dashboard Digest

A roundup of the top Canadian privacy news

 Europe Data Protection Digest Europe Data Protection Digest

A roundup of the top European data protection news

 Asia-Pacific Dashboard Digest Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

 Latin America Dashboard Digest Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

 U.S. Privacy Digest U.S. Privacy Digest

A roundup of US privacy news
Overview KnowledgeNet Chapters Sections Affinity Groups Volunteer Annual Awards Career Central
Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

 IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

 IAPP Calendar

Review a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Overview Online Training Live Online Training In-Person Training Books Practice Exams Train Your Staff Official Training Partners Web Conferences
Artificial Intelligence Governance Professional Artificial Intelligence Governance Professional

Learn how to surround AI with policies and procedures that make the most of its potential by reducing its risks.

 European Data Protection (CIPP/E)

Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.

 U.S. Private-Sector Privacy (CIPP/US)

Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.

 Canadian Privacy (CIPP/C)

Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.

 Privacy Program Management (CIPM)

Develop the skills to design, build and operate a comprehensive data protection program.

Privacy in Technology (CIPT)

Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.

 Foundations of Privacy and Data Protection

Introductory training that builds organizations of professionals with working privacy knowledge.

 Privacy Law Specialist Training (PLS)

Meet the stringent requirements to earn this American Bar Association-certified designation.
Overview Certification Programs Get Certified How to Prepare Continuing Privacy Education (CPE) Fees Certify Your Staff Verify a Certification
CIPP Certification CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

 CIPM Certification CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

 CIPT Certification CIPT Certification

As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.

 FIP Designation FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

 Privacy Law Specialist Privacy Law Specialist

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

 AIGP Certification AIGP Certification

Ensures individuals responsible for AI systems can reduce the risks associated with this technology.

 Certificação CDPO/BR Certificação CDPO/BR

Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.

 Certification CDPO/FR Certification CDPO/FR

Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
Tools and Trackers Research Glossary Global Privacy Directory Enforcement Database Westin Research Center Web Conferences Jobs Privacy Vendor Marketplace
Global Privacy Directory

This tool identifies global data protection authorities and privacy legislation.
US State Privacy Legislation Tracker

The IAPP’s US State Privacy Legislation Tracker consists of proposed and enacted comprehensive state privacy bills from across the U.S.
Reports and Surveys

Access all reports and surveys published by the IAPP.
Privacy Governance Report

This report shines a light on the location, performance and significance of privacy governance within organizations.
Privacy Risk Study

This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.
Artificial Intelligence

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources covering AI connections to the privacy space.
CCPA and CPRA

IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.
EU General Data Protection Regulation

The IAPP's EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.
Data Protection Intensive: UK Data Protection Intensive: UK

Explore the full range of U.K. data protection issues, from global policy to daily operational details.

Global Privacy Summit Global Privacy Summit

Expand your network and expertise at the world’s top privacy event featuring A-list keynotes and high-profile experts.

AI Governance Global AI Governance Global

A new event in Brussels for business leaders, tech and privacy pros who work with AI to learn about practical AI governance, accountability, the EU AI Act and more.

 Canada Privacy Symposium Canada Privacy Symposium

Leaders from across the Canadian privacy field deliver insights, discuss trends, offer predictions and share best practices.

Asia Privacy Forum Asia Privacy Forum

Hear top experts discuss global privacy issues and regulations affecting business across Asia.

 Privacy. Security. Risk. (P.S.R.) Privacy. Security. Risk. (P.S.R.)

P.S.R. focuses on the intersection of privacy and technology. The call for proposals to speak at the 2024 event is open. Submit your ideas today.

 Europe Data Protection Congress Europe Data Protection Congress

Europe’s top experts offer pragmatic insights into the evolving landscape and share knowledge on best practices for your data protection operation.

 ANZ Summit ANZ Summit

Gain exclusive insights about how privacy affects business in Australia and Aotearoa New Zealand.

 Speak at an IAPP Event

View our open calls and submission instructions.

 Sponsor an Event

Increase visibility for your organization — check out sponsorship opportunities today.

Individual Membership Corporate Membership Group Membership Student Membership
Become a Member

Start taking advantage of the many IAPP member benefits today

 Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

 Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits
{[product.name]} {[ product.name ]}
clear
mode_editEdit
remove_circle_outline {[ getCartItemQuantity(product.id) ]} add_circle_outline
{[ product.price | currencyFilter ]}
TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Tech | Tech trends: When IoT devices make headlines Related reading: How industry can protect privacy in the age of connected toys

rss_feed

""

We all know smart devices are becoming more and more popular, so much so that people cannot stop gushing about them. They are making their way to executive condos in Singapore and are dominating tech conferences, such as CES 2017.

But if you are embedded in the privacy and security industries, you are well aware of the potential privacy and security risks smart devices possess, like headline-grabbing ransomware attacks on smart homes and cars. However, a recent string of incidents proves you can never underestimate the strange places smart device issues can arise.

Case in point: Realtors and homebuyers are discovering houses with smart devices may pose problems if the previous occupant is still connected to the system. 

If the smart devices are not reset when the new owner moves in, the former inhabitant may still be able to control any number of devices, whether it’s a garage door opener, a thermostat, or keyless locks.

Maybe it's just another in a string of issues causing smart-device anxiety, but it may also shine a light on a bigger issue as well. A National Association of Realtors’ survey found only 15 percent of clients even inquired about smart technology in the homes they are considering.

This gives rise to an important question to consider: Are IoT device makers and marketers doing enough to educate their consumers and users about the privacy and security issues that come along with the product? Clearly there's a market for smart devices, and if companies want to maintain the trust of the customers, perhaps they should consider adding in bits of privacy education for consumers — whether it's through marketing, or an easy-to-read guide that comes with the package. 

But smart home devices are not the only IoT devices making headlines of late. 

Germany’s Federal Network Agency launched a strong campaign telling parents to destroy their child’s My Friend Cayla doll following privacy concerns surrounding its smart technology. Researchers found hackers can compromise the doll through an insecure Bluetooth device within the toy to listen to and talk to children playing with it from up to 33 feet away.

U.S. consumer groups have joined the crusade against My Friend Cayla, filing a complaint against the doll with the Federal Trade Commission.

Or, consider the newly rebooted Teddy Ruxpin doll that's coming out. Similar concerns could manifest with the glorious return of the 1980s icon, as the new Ruxpin allows children to follow along with stories through a smartphone app connected via Bluetooth.

Et tu, Theodore?

This isn't the first time smart dolls have made privacy headlines. Hello Barbie was perhaps the first to do so nearly two years ago. One mom actually sued Mattel over privacy concerns with the doll.

However, Mattel features a very easy-to-read webpage explaining their privacy commitment. This is a quick way to answer potential privacy concerns without requiring a consumer to read a 10,000-word privacy policy. But for those who do want to go deeper, Mattel has provided a well-organized and consumer-friendly privacy policy, with a clear way of contacting the privacy office with any questions or concerns. 

Of course, companies putting those statements out there better be following through on those commitments. If not, it's probably a safe bet the FTC will come a'knockin'. 

The Future of Privacy Forum has been active in the IoT space, providing tips for manufacturers of smart home devices and children's toys. In a recent Privacy Perspectives post, the FPF's Stacey Gray, CIPP/US, outlined the complexity of privacy in the "smart toy" market. She also echoed a mantra that privacy pros may hear often: Just because it's legal, doesn't mean it's right. Toy makers "can go beyond their legal requirements and really build privacy and security into the design of their toys," she wrote. She also provided a helpful set of tips for smart toy makers to consider. 

Smart devices, while growing in popularity, are still growing as an industry and will continue to do so at a dizzying pace. For now, when privacy and security professionals look at smart devices, they should look to these best practices and find creative and innovative ways to educate their consumers and convey their privacy commitment. 

Of course, as we forge further into an IoT-world, more devices will make headlines. Having privacy and security built in from the beginning, and a clear way to communicate those protections, will help companies stem the publicity challenges and maintain consumer trust. 

Top image courtesy of the Future of Privacy Forum

Author
Headshot Ryan Chiavetta Nonmember Contributor
Tags
Children's Privacy
Infosecurity
Internet of Things
1 Comment

If you want to comment on this post, you need to login.

  • comment Brian Levine • Mar 1, 2017 
    It's painful to see the abysmal level of security and complete lack of privacy/security considerations that went into the design and development of CloudPets-Spiral Toys product. Unsecured mongo-db publicly accessible on the cloud, weak passwords, un-authenticated access to S3 storage. It's clear the architect/engineers had no concern for security in their design. This is a complete failure from the top level down to make basic consumer protection a required feature of their products. For a small investment, basic mistakes like this are easily designed out or corrected after the fact. Is there any financial/legal recourse expected for Spiral Toys?
Related Stories
This pacemaker just incriminated its owner
1
In the privacy world, we often talk about trade-offs: the trade-off between privacy and convenience, or privacy and security. But what about privacy and life, itself? What if the technology that helps keep you alive also spies on you? Would you still use it? Is that even fair? Or legal? For some pe...
Read More queue Save This
Related Stories
Tags
Children's Privacy
Infosecurity
Internet of Things
Recent Comments