Alexa, Are You Friends With My Kid? Smart Speakers and Children’s Privacy Under the GDPR

56 Pages Posted: 25 Jun 2020 Last revised: 29 Jun 2020

See all articles by Sophie-Charlotte Lemmer

Sophie-Charlotte Lemmer

King's College London - The Dickson Poon School of Law, LLM Graduate

Date Written: September 2, 2019

Abstract

This dissertation examines if two popular smart speakers, i.e. Amazon Echo and Google Home, comply with selected GDPR requirements regarding the privacy of children.

Supposedly being digital natives, the trend of datafication increasingly affects them, even in protected places such as their homes. Smart speakers, which are connected to virtual personal assistants, play a big role in the collection of children’s personal data at home.

In particular, children might regard the assistants as intimates and reveal a critical amount of sensitive data to them. This is why smart speakers pose severe risks to children’s fundamental right to privacy according to art.16 of the UN Convention on the Rights of the Child, art. 7 and 8 of the Charter of Fundamental Rights of the EU and art. 8 of the European Convention of Human Rights. In spite of these dangers, smart speakers are not under the same scrutiny as smart toys.

In order to protect their privacy, it is vital that these devices provide a high degree of data protection for children and fully comply with applicable regulations, especially with the GDPR. This paper thus examines the Amazon Echo’s and Google Home’s compliance with the GDPR by focusing on three categories: Transparency, parental consent according to art.8 GDPR and the right to erasure. The concerning findings of this research show that both devices violate the legal requirements of the examined categories in many ways. Especially, there are doubts if the processing of children’s data by Amazon Echo and Google Home complies with the GDPR principles of lawfulness, fairness and transparency. The smart speakers’ ways of processing personal data are often completely unclear for children and parents, turning the devices into “black boxes”. Also, parental consent in line with art. 8 is rarely sought before the processing of children’s data. Finally, children’s data are potentially stored indefinitely.

Thus, it is suggested that smart speakers are not yet suited for the use by children and must be completely re-designed to provide them with the specific protection they merit under the GDPR according to recital 38.

Suggested Citation

Lemmer, Sophie-Charlotte, Alexa, Are You Friends With My Kid? Smart Speakers and Children’s Privacy Under the GDPR (September 2, 2019). King's College London Law School Graduate Student Research Paper No. 2018/9_6, Available at SSRN: https://ssrn.com/abstract=3627478 or http://dx.doi.org/10.2139/ssrn.3627478

Sophie-Charlotte Lemmer (Contact Author)

King's College London - The Dickson Poon School of Law, LLM Graduate

Somerset House East Wing
Strand
London, WC2R 2LS
United Kingdom

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
171
Abstract Views
709
rank
219,043
PlumX Metrics