Sitting on a shelf in a store, Cayla looks like a typical doll. Her hair is blond. Her eyes are blue. Her mouth is smiling. Once purchased, Cayla is supposed to be your child’s friend, a trusty doll companion. Except Cayla is not just any doll. Cayla is “connected,” allowing parents to listen in on their children via Bluetooth microphone and an app.
The problem? Parents might not be the only ones privy to those conversations.
This is why Cayla has recently been designated a spy by the Federal Network Agency, a German telecommunication watchdog. The “forbidden” toy is banned and cannot be sold, purchased or owned, according to the Wall Street Journal. Those who are harboring a Cayla in their home have been ordered to destroy it and get an official certificate saying they have done so. The certificate is to be signed by a waste-management company and sent to the agency as proof.
Parents who do not destroy their dolls could face a fine of roughly $26,500 and two years in prison.
My Friend Cayla is made by Genesis Toys and distributed in Europe by Vivid Toy Group.
“We take the safety of our products and our consumers’ experience extremely seriously — as well as, obviously, their compliance with all applicable rules and regulations in the markets in which we operate. However, the claims in the German media are factually incorrect and we are working with our German partners to resolve this issue,” Vivid Toy Group said in a statement released in February when Germany initially announced that the toy was “forbidden.” The statement went on to say that the toy is “perfectly safe to own and use when following the user instructions.”
- RELATED: A call to recall talking – and listening – dolls
- A new 3-D pen lets kids create their own toys
- American Girl heads to Toys R Us
The toy’s vulnerabilities were first exposed in 2015, when a security researcher from Pen Test Partners hacked the doll. The fear is that by hacking the doll, someone could communicate with children and obtain sensitive information. Researchers found that a phone with the right app can access a Cayla doll at 50 feet.
It’s not just German regulators who are concerned about Cayla’s vulnerabilities
Privacy experts, including organizations like Campaign for a Commercial Free Childhood, the Center for Digital Democracy and Consumers Union, have called on the Federal Trade Commission to better regulate the industry. In a complaint filed in early December, they alleged that Genesis Toys violated U.S. privacy laws and asked that the FTC investigate their claims.
“With the growing Internet of Things, American consumers face unprecedented levels of surveillance in their most private spaces, and young children are uniquely vulnerable to these invasive practices,“ said Claire T. Gartland, director of the Electronic Privacy Information Center’s Consumer Privacy Project, which also signed the petition. “The FTC has an obligation here to step in and safeguard the privacy of young children against toys that spy and companies that exploit their very voices for corporate gain.”
According to Gartland, children who think of Cayla as a friend might say all kind of personal things in front of it — things that are recorded and then distributed to third parties.