Banning a Smart Doll
In this briefing, we will take a look at the recent banning of the “Cayla” smart doll by German authorities, the surrounding confusion in the international press and future implications of the ban.
On February 16th the German Bundesnetzagentur (Federal Network Agency) issued a statement requesting that parents destroy Cayla smart dolls. The dolls are designed to connect to the internet and communicate with children via speech recognition. For example, they are designed to look up answers to simple questions a child may have online.
This move came after it was discovered that unauthorized phones and computers could connect to the doll via Bluetooth as the pairing mechanism wasn’t implemented correctly.
Why was the doll banned?
Most news outlets outside of Germany have mis-attributed the ban to a desire to protect children. After all, a stranger connecting to the doll and potentially speaking to a child is a deeply troubling scenario for any parent.
However, this by itself would not lead to a ban under German law. For one, there is no current legal authority to ban insecure smart devices. For another, the impact is somewhat limited as Bluetooth has a range of only a few dozen meters. A perpetrator would thus need to be in the immediate proximity of the child to begin with.
Instead, the doll was banned for a much more mundane reason: German laws prohibit the possession of concealed transmission devices. While this sort of prohibition may seem odd to citizens of most countries, Germany’s troubled past with surveillance under both the national socialist and East German regimes during the last century has led to very expansive privacy protection legislation.
Since the doll can be used as a bluetooth microphone and speaker but does not look like a transmission device, the Bundesnetzagentur decided to label it a concealed transmission device which makes it illegal to possess under current legislation.
This also explains why parents were requested to destroy the doll instead of merely banning its sale: Not only selling and buying but general possession of such devices is illegal.
As smart devices continue to proliferate, we expect a sharp uptick in similar cases. Most electronic devices are sold globally, making it very hard for companies to adapt to the many different and ever-changing privacy laws across countries. Many companies thus choose to simply sell smart devices and address privacy concerns as they come up.
Globally, the are two main strategies countries are adapting to cope with privacy concerns in the digital age: The first is to heavily regulate and legislate what devices may or may not do to protect citizens’ privacy. This leads to strong overall privacy but also stifles innovation and creates legal gray zones for hardware manufacturers.
The second approach is to view current privacy as an obsolete concept and let markets and local governments create new regulations on their own.This approach does not stifle innovation but leads to poorer overall citizen privacy and raises prospects of blanket surveilance. We expect both approaches to co-exist in different countries for the near future as legal and ethical frameworks around the globe adapt to the challenges posed by smart technologies.