Kate Smartphone Keyboard

Just in time for the holiday shopping rush, “Hello Barbie” has hit the shelves.  This Barbie actually talks back to its playmates and is the latest high-tech version of the iconic doll. The secret to this innovation? The Internet. Toymaker Mattel partnered with software firm ToyTalk to equip the doll with a microphone, voice-recognition, and cloud-based intelligence to give Barbie “call-and-respond” functionality. (Think Siri talking through Barbie.) Hello Barbie is yet another example of how the “Internet of Things” is permeating all aspects of consumer lives, as we connect more and more of our consumer goods to the Internet. But that new frontier has new challenges, and we’re seeing those challenges play out more frequently in the courts.

Earlier this week, two mothers filed a putative class action lawsuit against Mattel and ToyTalk after their children interacted with a Hello Barbie doll. The plaintiffs claim that the toy is incapable of satisfying the requirements of the Children’s Online Privacy Protection Act (COPPA), which imposes various privacy and security requirements on those operating online services directed at children, one of which is parental consent. The plaintiffs argue that the nature of how children use dolls – often sharing with one another – means that the IoT Barbie will inevitably collect information from children whose parents haven’t provided their consent. For this reason, the plaintiffs have also sued kidSAFE, an independent company that certifies COPPA compliance and that the plaintiffs allege wrongfully certified Hello Barbie. The plaintiffs allege that all of the defendants either knew, or should have known, better. And this not only violated COPPA, but also invaded the plaintiffs’ and class members’ privacy.

The complaint comes at a time when industry is already discussing the implications of IoT toys. Just last week, toymaker VTech announced a data breach that compromised potentially millions of children’s photos and chat logs. And last month, researchers openly questioned the security of the data collected from the Hello Barbie technology. Notably though, neither is referenced in the complaint.