Wednesday to Sunday!
31 Jan – 4 Feb 2018
The digital revolution in the toy world is no surprise. After all, with mums and dads hardly able to tear their eyes away from their smartphones, kids also want to get their hands on these gadgets and technologies. Such digital shifts are presenting manufacturers of children’s toys with completely new challenges. They must now hire IT people. But more than that, requirements in complex areas such as IT security and data privacy in particular are also increasing.
There can be many pitfalls associated with developing and using the relevant technologies and platforms and these are in no way trivial. A number of data privacy incidents from last year, such as those involving educational learning toy manufacturer VTech and Mattel’s "Hello Barbie", are just some examples of this.
Manufacturers of digital toys can take a leaf out of the video game industry’s book somewhat when it comes to this problem. The computer and video game industry has been facing such data privacy challenges since at least the development of online multiplayer games. These challenges have become even greater in recent years. For example, it is no longer sufficient to simply guarantee security on game servers. On the one hand, computer and video games are increasingly downloaded via online platforms nowadays. On the other hand, elements of online social networks are now an important aspect of many games.
As a result of this, many computer and video game companies which sell their games via their own or external online platforms or have created their own community networks have to handle lots of sensitive information relating to their customers. This ranges from socio-demographic data, such as age and gender, and invoice addresses through to credit card information.
It is very important for each individual company in the toy industry as well as the computer and video game industry as a whole that this data be protected. Recurring problems with respect to IT security and data privacy would permanently damage customer confidence in the associated platforms and services, which will continue to gain relevance, and therefore have a strong impact on market development.
IT security and data privacy breaches are particularly sensitive when they involve data relating to young adults or even children. So what needs to be watched out for in this respect? The surprising news first: the European Data Protection Directive and its German counterpart have few special provisions for handling the data of minors. In actual fact, the European Data Protection Directive is less strict than, for example, the Child Online Protection Act (COPA) in the US. The age from which minors can decide for themselves how their data is handled by giving consent is an especially relevant question with respect to data privacy laws here.
The German Data Protection Act (Bundesdatenschutzgesetz - BDSG) does not currently define a fixed age limit, but instead provides an abstract mechanism: if the minor has the necessary capacity, then he or she may consent independently. In practical terms, this presents considerable difficulties for companies. After all, how should they establish this using, e.g. an input screen on a website or app?
Therefore, 14 has become the de facto age limit in practice. When in doubt, minors of at least this age may consent independently to their data being used. If the child is younger, however, the consent of a parent or guardian is required. The European Union's new General Data Protection Regulation should improve clarity with regard to this in the future as an age limit of 16 will then apply across Europe. However, Member States may again allow for exceptions in some cases.
When handling the data of minors, it must be ensured that texts aimed specifically at minors can also be understood by them to a sufficient degree, to name just one example. This applies to declarations of consent and privacy statements in particular.
Below are the key principles which toy manufacturers should be aware of when handling customer data:
Transparency can be achieved online through a legally mandated privacy statement. It is important that the privacy statement clearly indicates to the average reader how their data will be used. The forthcoming EU General Data Protection Regulation already alluded to will offer one interesting approach involving the use of pictograms. To a certain extent, companies can already go a step beyond and document their conscientious handling of data through test and quality seals, thereby signalling to parents that they can trust how data will be dealt with when it comes to products for children and young people in particular.
Companies demonstrate to concerned parents the degree of importance they place on data privacy when they heed these principles relating to data handling, ensure communication is always transparent and understandable and build up data security expertise in-house. Only in this way can the toy industry boost confidence in the digital, internet-connected toys making their way into children’s hands for the long term.
Be the first to know what moves the toy industry! With the play it! online newsletter, you get the latest information on toy trends and innovations, best practice tips from experts as wells as updates on current toy market developments worldwide. Register now!