Written By Joshita Pai
Taking inspiration from Apple’s Siri, Mattel alongwith its technology partner ToyTalk, launched Hello Barbie this year. The Barbie, available through online purchase, is a wi-fi enabled, interactive doll, equipped to hold a conversation at the press of a button on its belt. The audio files processed over the internet makes the experience an interactive one. The doll has become a subject of controversy after a security expert based out of the U.S. declared that on hacking the Hello Barbie system, he managed to procure wi-fi network names, MP3 files and account IDs which could be traced back to someone’s home. Several consumer groups have protested the sales of the Barbie emphasizing on the eavesdropping nature of the doll indicating that Mattel’s innovation has not been well received.
Distinct features of the Doll
Mattel is responsible for manufacturing the doll, and ToyTalk induces the technical nuances into Hello Barbie. The doll uses artificial intelligence and voice recognition software to process children’s questions over the internet to ToyTalk servers, and a pre-recorded response is selected that is generated as Barbie’s words. Downloading the Hello Barbie companion app facilitates the registration and activation of the doll on purchase. The press of a button makes the doll a responsive toy that is capable of interacting with the child. The responses given by Hello Barbie are pre-determined by the parents through a password enabled ToyTalk account, which requires an online registration. Alexandra Saddler in her investigation, reported that the conversations are recorded and stored in the cloud and could be used by the Company anonymously to create more pre-recorded messages.
Surrounding Privacy Concerns:
The interactive doll comes with a memory because the communication between Barbie and the child is simultaneously recorded. The recorded conversations are accessible by parents and ToyTalk which implies that there are two levels of access to any communication made. The doll employs voice recognition techniques which enables online identification of the child. Such identifiers are protected as personal information under United States’ Children’s Online Privacy Protection Act (COPPA). The right to privacy is however, a subjective right and the extent of expectation of privacy, a child is likely to have, is debatable.
Protected data is increasingly losing ground in the name of commercial exchange of information by conglomerates. Transfer of data in the U.S., is seen as a necessity for fostering free flow of information. Obtaining access and transferring data through a child’s toy might however be taking it too far.
Mattel’s attempts to assuage privacy concerns:
“we cannot prevent children from providing personal information when they talk with Hello Barbie, and such information may be captured in the Recordings. However, it is our policy to delete such personal information where we become aware of it and we contractually require our service providers to do the same.”
Further, the Policy explicitly states that: “we may store and process personal information in the United States and other countries”, and adds that subject to COPPA requirements, the information will be shared with third parties for a list of purposes. Commercial exchange of information is generally permitted in the name of customized services to customers and developing statistics for company’s review. The clause however, doesn’t restrict processing of data to within the country, which is a cause for concern since not all countries are equipped to handle and process data while safeguarding privacy.
With the recent ECJ ruling in Schrems, the safe harbour clauses guaranteed by the U.S. have been declared inadequate for ensuring protection of data. Against this backdrop, attempts to export data carries with it, possibilities of privacy breaches. COPPA in regard to Hello Barbie, stands as a thin piece of legislative buffer for trading information within the country. However, it cannot be overstated that since the doll can be purchased online, countries which do not have similar regulatory structures are bound to be at a more vulnerable state.
Joshita Pai was a Fellow at the Centre for Communication Governance from 2015-2016