Toying with Privacy: Regulating the Internet of Toys

56 Pages Posted: 27 Dec 2018 Last revised: 23 Dec 2019

See all articles by Eldar Haber

Eldar Haber

University of Haifa - Faculty of Law

Date Written: December 8, 2018


Recently, toys have become more interactive than ever before. The emergence of the Internet of Things (IoT) makes toys smarter and more communicative: they can now interact with children by "listening" to them and respond accordingly. While there is little doubt that these toys can be highly entertaining for children and even possess social and educational benefits, the Internet of Toys (IoToys) raises many concerns. Beyond the fact that IoToys that might be hacked or simply misused by unauthorized parties, datafication of children by toy conglomerates, various interested parties and perhaps even their parents could be highly troubling. It could profoundly threaten children's right to privacy as it subjects and normalizes them to ubiquitous surveillance and datafication of their personal information, requests, and any other information they divulge. While American policymakers acknowledged the importance of protecting children's privacy online back in 1998, when crafting COPPA, this regulatory framework might become obsolete in face of the new privacy risks that arise from IoToys. Do fundamental differences between websites and IoToys necessitate a different legal framework to protect children's privacy? Should policymakers recalibrate the current legal framework to adequately protect the privacy of children who have IoToys? Finally, what are the consequences for children's privacy of ubiquitous parental surveillance through IoToys — allegedly granted to safeguard children from online risks? And how might children's privacy be better framed and protected in this context?

This Article focuses on the privacy concerns that IoToys raise. Part I briefly outlines the evolution of IoToys while examining their capacity to collect and retain data. Then, in reference to the legal framework chosen to protect children from online datafication twenty years ago, the next part discusses the American perception of children's privacy, focusing on COPPA. Through this analysis, this part will show how key market players currently comply with COPPA regulation, and evaluate whether such compliance is relevant to IoToys' dangers and challenges. Part III revisits COPPA, challenges it, and in calling for its recalibration offers some practical solutions to IoToys' privacy threats. Thereafter Part IV normatively evaluates children's conception of privacy and argues that IoToys' monitoring practices could jeopardize the parent-child relationship and calls for recalibrating children's privacy in the digital era. The final part summarizes the discussion and concludes that children's privacy matters today perhaps more than ever before, and that the potential movement toward a ubiquitous surveillance era should not lead to its demise.

Keywords: Privacy, Children, IoT, IoToys, Internet of Things, Internet of Toys, Smart Toys, Coppa, Hello Barbie, Cayla

JEL Classification: K00, K10, K40, K49

Suggested Citation

Haber, Eldar, Toying with Privacy: Regulating the Internet of Toys (December 8, 2018). 80 Ohio State Law Journal 399 (2019), Available at SSRN:

Eldar Haber (Contact Author)

University of Haifa - Faculty of Law ( email )

Mount Carmel
Haifa, 31905

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics