Toying with Privacy: Regulating the Internet of Toys

Research output: Contribution to journalArticlepeer-review


Recently, toys have become more interactive than ever before. The emergence of the Internet of Things (IoT) makes toys smarter and more communicative: they can now interact with children by "listening" to them and responding accordingly. While there is little doubt that these toys can be highly entertaining for children and even possess social and educational benefits, the Internet of Toys (IoToys) raises many concerns. Beyond the fact that IoToys devices might be hacked or simply misused by unauthorized parties, datafication of children by toy conglomerates, various interested parties, and perhaps even their parents could be highly troubling. It could profoundly threaten children's right to privacy by subjecting and normalizing them to ubiquitous surveillance and datafication of their personal information, requests, and any other information they divulge. While American policymakers acknowledged the importance of protecting children's privacy online back in 1998 when crafting Children's Online Privacy Protection Act (COPPA), this regulatory framework might become obsolete in the face of the new privacy risks that arise from IoToys. Do fundamental differences between websites and IoToys necessitate a different legal framework to protect children's privacy? Should policymakers recalibrate the current legal framework to adequately protect the privacy of children who have IoToys devices? Finally, what are the consequences for children's privacy of ubiquitous parental surveillance through IoToys--allegedly granted to safeguard children from online risks? And how might children's privacy be better framed and protected in this context?. This Article focuses on the privacy concerns that loToys raises. Part II briefly outlines the evolution of IoToys while examining its devices' capacity to collect and retain data. Then, in reference to the legal framework chosen to protect children from online datafication twenty years ago, Part III discusses the American perception of children's privacy, focusing on COP PA. Through this analysis, this Part will show how key market players currently comply with COP PA regulation, and it will evaluate whether such compliance is relevant to IoToys's dangers and challenges. Part IV revisits COPPA, challenges it, and in calling for its recalibration, offers some practical solutions to IoToys's privacy threats. Thereafter, Part V normatively evaluates children's conception of privacy, argues that IoToys's monitoring practices could jeopardize the parent-child relationship, and calls for recalibrating children's privacy in the digital era. The final part summarizes the discussion and concludes that children's privacy matters today perhaps more than ever before and that the potential movement toward a ubiquitous surveillance era should not lead to its demise.
Original languageEnglish
Pages (from-to)399-454
Number of pages56
JournalOhio State Law Journal
Issue number3
StatePublished - 2019


  • Right of privacy
  • Children's rights
  • Toys
  • Internet of things
  • United States. Children's Online Privacy Protection Act of 1998
  • Electronic toys


Dive into the research topics of 'Toying with Privacy: Regulating the Internet of Toys'. Together they form a unique fingerprint.

Cite this