First, it was the “Internet of Things” and now it is the “Internet of Dolls.” Mattel, maker of the iconic Barbie doll, has announced plans to introduce “Hello Barbie,” a doll with a Siri-like ability to communicate. The new Barbie, which connects to the cloud through WiFi, can have conversations, tell jokes, and play games with the children who own them.

Hello Barbie also has the ability to listen and learn girl’s preferences and adapt to them accordingly.  During a recent demonstration when a Hello Barbie prototype was asked “What should I be when I grow up?” she responded “Well, you told me you like being on stage. How about a dancer? Or a politician? Or a dancing politician?”

This Barbie doll is likely just the first in what will surely be a long line of dolls and toys that have incredible technological capabilities—whether it is a Siri-like ability to communicate, video recording technology, or the chance to communicate to friends.

But, as these new frontiers of play develop, manufacturers and marketers need to work to ensure that we can strike a balance between innovative play and children’s safety and privacy. And the lines aren’t always clear.

For example, under the Children’s Online Privacy Protection Act (COPPA), any online entity that is collecting personal information from children under 13 is required to meet certain obligations with respect to privacy, parental notice, and consent.  But COPPA likely did not anticipate an ongoing, interactive information-sharing exchange between young children and their toys. 

So, in this new world of highly technological and interactive toys that can gather information and transmit it through the cloud, what does parental consent for information collection look like?  Can parents give blanket consent for the collection of all personal information for that product? And what do data retention policies look like? If services are only supposed to retain data as long as is necessary to fulfill their purpose, is that the lifetime of the toy? 

And how can companies use the information they collect from children? Can the information be used for tailored marketing to young children? Once a company learns that a little girl likes horses can they send her mail, online ads, or emails telling her about the latest pony-themed toys and apps?

In a more troubling scenario, what if someone is able to hack into the toy’s network (as was done when a “secure” live-streaming video baby monitors were hacked and more than 700 feeds of young children playing and children sleeping were posted online) and a predator learns a child’s favorite color, best friend’s name, or favorite playground? What responsibility does the company have for information that gets leaked into the public domain? 

Granted, there are high-anxiety situations our imaginations can conjure up, but fear and worst-case scenarios shouldn’t paralyze us or prevent us from bringing exciting new products to the market. Of course, though, as with any new product, a thoughtful and proactive review of the product, its capabilities, and its risk, is essential.