Harvesting data from children with cuddly creatures and cutesy keyboards
Summary: And you thought Beacon is (was) creepy.Yesterday I had my first experience at a Build-A-Bear Workshop store.
And you thought Beacon is (was) creepy.
Yesterday I had my first experience at a Build-A-Bear Workshop store. Build-A-Bear, if you're not familiar with it, is a publicly traded company headquartered in St. Louis, MO, with some 350 retail outlets worldwide. It's irresistible to boys and girls alike, if the birthday party we attended was any indication. Kids can choose one of over 30 different styles of animal, stuff it onsite using big yellow machines filled with flying fluff, carefully add a small heart to bring the animal "to life," and customize to their heart's content (and their parents' wallets' horror) from a stupefying collection of sounds, clothes, shoes, and accessories that include miniature skateboards and MP3 players.
All good, clean — if decidedly consumer-culture focused, and potentially bank-breaking — fun. Until you get to the last step in the process, which had me nostalgic for (egad) the Cabbage Patch Kids. Who as I recall were discharged from their mythical birthplace without asking for their new owner's home address.
You see, each Build-A-Bear critter is issued a "birth certificate," which is generated after the kids — and hopefully their parents, though that didn't seem to be making a bit of difference on the common sense front — visit a bank of computers. These are big orangey-purple affairs, sort of Dr. Seussian in presentation. The keyboard buttons include stars and other colored shapes to make data input all the easier and more intuitive for youngsters. In fact, the computer-plus-keyboard experience is very close (no doubt intentionally so) to something children and their parents might have experienced in a kids' museum, library, or school. Before their new friend can get its birth certificate, the kids are prompted to enter a host of very personal personal information: birth date, home address, gender, phone, and email among them. Along the way is the option to "skip" some of this input, but unlike what we're used to in the world of online retail forms, there's no effort to communicate what data is "required" for the transaction to proceed, and what's "optional." The overall effect is to sideline the privacy-savviness that might otherwise accompany the parent and/or child. I sat there and watched parent after parent prompt their kids to flex their memory muscles and practice their computer skills: "Ok Timmy, now, what's our address? What's your birthday? Do you remember our phone number? Good typing!!"
It's not until after the kids have given up all this data, most often with their parents help and lulled consent (though there's no requirement that parents participate at all), that Build-A-Bear gives its customers a copy of its privacy policy, which comes tucked away in the packaging folks take home.
I really don't have any problem with Build-A-Bear's privacy policy, or the tie-ins with the virtual world (Build-A-Bearville) the company hopes your child will visit with his or her new stuffed friend. But though the policy looks good on paper, this is a case where the execution stinks. Parents and kids should not be urged or encouraged to give up personal data, and when they're asked to do so there should be some up-front reminders as to what is happening.
Cory Doctorow likes to tell an anecdote about how today's children are becoming more and more inured to invasions of privacy. In his case, children in line at Disneyland thought it odd when he refused to supply a fingerprint. Here, kids are learning it's ok for a store to know quite a bit about them. Parents should make a stink about this sort of thing and be on the lookout for it.
(Bonus link: Kim Pallister, Can a stuffed bear hold the secret to game piracy?)
(Images by gitb and Brittany G, CC Attribution-2.0)
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
A scary anectdote
We all watched this little four year old girl a couple spots ahead of me go forward, and VERY proudly extend her limbs and show the "nice" security guard her pockets; to her, she was being a Good Girl, and she was very proud of herself.
Everyone around her was very impressed with her, and her obedience... except me. Someone went "Oh, that's so adorable!", and I - in front of her parents - went "Oh, no, that's so SCARY!", and when questioned by everyone (because obviously, me expressing concern about this means I really love Osama Bin Laden and hate America, Apple Pie, Jesus and Republicans), I reminded them that 1) we're entering into an Orwellian society if we're not careful, 2) I was an active duty serviceman, and 3) my Aircraft Carrier, to come onboard, didn't have security as ridiculous as that.
Companies that seriously do want to do data mining, and continually want to set how much data we give and how many limits we have on things that we own, they aren't really looking to our generation; they're looking to make the young ones comfortable with not having little freedoms like this. They already are; why do market research when people willingly give away their lives on Facebook?
RE: Harvesting data from children with cuddly creatures and cutesy keyboard
"Here, kids are learning it???s ok for a store to know quite a bit about them."
This is after watching Mom and Dad pump their details into Ebay, Amazon and Apple.com. How does little Timmy know there's a checkbox marked "Don't contact me about anything ever please."? He doesn't.
It's up to the parents to educate their children about the hazards of giving up too much data. It's up the parents to say to the employees "How do you use this data?" and "Can I see your privacy policy before I continue?"
On top of that, how many of those people you witnessed filling in their details at the workshop would actually read the privacy policy or any privacy policy on any website or form they fill in for that matter? A minority I would wager. Privacy policies and Terms and Conditions, for most people, are just another hurdle on the path to heavenly consumerism. How you get people to read and react to this information is something that not just the Build-a-Bear workshop needs to address.
Besides, if littly Timmy loses his Build-a-bear bear and someone drops it into a Build-a-bear workshop, they scan the label and know exactly who lost it. Then they'll ship it back to your free, having mended any damage to the bear.
For my child, that's worth the extra personal details.
RE: Harvesting data from children with cuddly creatures and cutesy keyboard
They actually use this data for good, not evil. As I understand it, each bear has its own unique ID number. If someone loses their bear, and someone else finds it and turns it into the shop, the shop can look up that number, find the child's name, address, and phone number, and contact them to let them know that their bear is OK.
Every bit of information that's listed in the excerpt can be used for good: Contact info for returning lost bears, birthday for sending birthday cards, and gender for personalizing messages sent from the company to the child.
And seriously, if you're worried that the Build-a-Bear Workshop knows that your little Sally is a girl, you've got paranoia issues.
(Also, to I post this comment, I had to fill out a long survey from ZDnet to get my membership set up, including my personal information like my email address and street address. Pot, meet kettle.)
@m.pearce and @JDHBiz