Swiss study: Toys record extensive data from children

It's so simple: place the audio figure on the box and the radio play starts. If you want to move on to the next chapter, just tap the box on the right, if you want to go back, do the same on the left. This is exactly why the Toniebox is so popular and successful: because, unlike a classic audio player, it is child's play to use.

What is known, but many people don't realise, is that these actions - for example, when the child activates which Tonie figure, when they stop the story and where they jump to - are registered. And the data is sent directly to the manufacturer.

A study by the University of Basel has now investigated this in more detail. In addition to the Toniebox, the team of researchers scrutinised eleven other popular smart toys for children - toys that enable interactive play with software and the internet. These include, for example, the Tonie competitor Tigerbox, the educational pen Tiptoi and its optional charging station, the educational app Edurino, the virtual pet Tamagotchi and the children's smartphone Kidibuzz.

Radio play

EUR84,37

Tonies Toniebox Starter Set Blue (Creative Tone)

German

2144

Learning games

EUR64,30

tiptoi Starter set: pen and picture book My World

German

172

Learning games

Edurino Starter set Juki, d

German

2

Radio play

EUR84,37

Tonies Toniebox Starter Set Blue (Creative Tone)

German

2144

Learning games

EUR64,30

tiptoi Starter set: pen and picture book My World

German

172

Learning games

Edurino Starter set Juki, d

German

2

The result: several lack privacy protection and some even collect extensive behavioural data, according to a recent media release from the University of Basel. The detailed results of the study are not yet freely accessible; the researchers will present them at the Annual Privacy Forum at the beginning of September.

Collect offline, send online

In their study, the researchers wanted to know, for example, whether and how well the data sent is encrypted. Whether more data than necessary is collected and whether the associated app requires more access rights than necessary. In addition: how easy it is to gain insight into the collected data.

They summarise their findings as follows:

The Toniebox does not get a good rating because it does not securely encrypt data traffic. Privacy is also not guaranteed: The box collects behavioural data and sends it to the manufacturer. Study co-author Isabel Wagner suspects that even if the Toniebox is operated offline and is only briefly connected to the internet when loading new audio content, the device could store the collected data locally and send it at the next opportunity.

Companies would like to claim that the data is there to improve the devices. However, it is unclear what they are used for. "Companion apps for some toys demand completely unnecessary access rights, such as to the location or microphone of the smartphone," says Wagner.

Research group proposes security label

It is difficult for parents to see through the security risks. It is possible to argue that children are unlikely to suffer any negative consequences in individual cases, says Wagner. But you can't really be sure.

Her colleague Julika Feldbusch adds: There are already signs of a two-tier society when it comes to protecting children's privacy. "Well-informed parents are aware of this and can choose toys that do not create behavioural profiles of their children. But many lack the technical knowledge or don't have the time to deal with it."

The researchers are therefore in favour of a label on toy packaging if the safety and data protection standards are met - similar to food nutritional information.