Connected Christmas: safety of connected toys

This year, it's time for a connected Christmas with the latest trendy toys: robots, dolls, soft toys... stars under the tree for younger children.

While they offer an educational and innovative gaming experience, their use raises numerous security concerns.

What are the risks?

Connected toys use Bluetooth and Wi-Fi technologies. They collect information and send it via these radio waves and over the Internet. The risks are therefore the same as for using an unsecured or poorly secured phone or tablet, namely:

  • the use of data for advertising purposes,
  • the misappropriation of your information by a malicious organisation or individual, which could then be used for fraud, identity theft, blackmail or cyberbullying,
  • the violation of the child's privacy.

 

How can they be secured?

The association invites you to follow the recommendations of the CNIL (French Data Protection Authority) in order to make the connected toy as safe as possible before giving it to your child.

Be very vigilant about the connectivity options offered by the toy:

  • ensure that the toy does not allow just anyone to connect to it, for example by checking that pairing with a smartphone or the Internet requires a physical access button on the toy or the use of a password,
  • change the default settings of the toy (password, PIN code, etc.),
  • secure access to your smartphone and internet box with a password,
  • secure access to the online account linked to the toy with a strong password that is different from your other accounts,
  • check that the device has an indicator light when it is listening or transmitting information over the Internet,
  • check to ensure that the toy does not have any known and easily accessible vulnerabilities,
  • perform security updates regularly.

 

Say as little as possible when registering:

While the teddy bear or doll may visually reassure parents, its sensors can nevertheless collect sensitive data such as photos or intimate conversations.

  • upon registration, only provide the minimum information necessary for the service,
  • create a specific email address for the toys used by the child,
  • use pseudonyms instead of your full name as much as possible.

 

Disconnect the toy / delete the data:

  • switch off the toy when it is not in use or to prevent sensitive data from being captured,
  • ensure that data can be accessed and deleted,
  • disable automatic sharing on social media,
  • delete their data from the toy and the associated online service when it is no longer in use.

 

What does the law say?

In accordance with Article 34 of the Data Protection Act, toy manufacturers are required to secure the information they collect. The CNIL therefore recommends that manufacturers incorporate privacy protection into the design of connected objects.

Let us work together to combat online harassment and violence!