Harvesting data from children with cuddly creatures and cutesy keyboards

Harvesting data from children with cuddly creatures and cutesy keyboards

Summary: And you thought Beacon is (was) creepy.Yesterday I had my first experience at a Build-A-Bear Workshop store.


Harvesting data from children with cuddly creatures and cutesy keyboards

And you thought Beacon is (was) creepy.

Yesterday I had my first experience at a Build-A-Bear Workshop store. Build-A-Bear, if you're not familiar with it, is a publicly traded company headquartered in St. Louis, MO, with some 350 retail outlets worldwide. It's irresistible to boys and girls alike, if the birthday party we attended was any indication. Kids can choose one of over 30 different styles of animal, stuff it onsite using big yellow machines filled with flying fluff, carefully add a small heart to bring the animal "to life," and customize to their heart's content (and their parents' wallets' horror) from a stupefying collection of sounds, clothes, shoes, and accessories that include miniature skateboards and MP3 players.

All good, clean — if decidedly consumer-culture focused, and potentially bank-breaking — fun. Until you get to the last step in the process, which had me nostalgic for (egad) the Cabbage Patch Kids. Who as I recall were discharged from their mythical birthplace without asking for their new owner's home address.

You see, each Build-A-Bear critter is issued a "birth certificate," which is generated after the kids — and hopefully their parents, though that didn't seem to be making a bit of difference on the common sense front — visit a bank of computers. These are big orangey-purple affairs, sort of Dr. Seussian in presentation. The keyboard buttons include stars and other colored shapes to make data input all the easier and more intuitive for youngsters. In fact, the computer-plus-keyboard experience is very close (no doubt intentionally so) to something children and their parents might have experienced in a kids' museum, library, or school. Before their new friend can get its birth certificate, the kids are prompted to enter a host of very personal personal information: birth date, home address, gender, phone, and email among them. Along the way is the option to "skip" some of this input, but unlike what we're used to in the world of online retail forms, there's no effort to communicate what data is "required" for the transaction to proceed, and what's "optional." The overall effect is to sideline the privacy-savviness that might otherwise accompany the parent and/or child. I sat there and watched parent after parent prompt their kids to flex their memory muscles and practice their computer skills: "Ok Timmy, now, what's our address? What's your birthday? Do you remember our phone number? Good typing!!"

It's not until after the kids have given up all this data, most often with their parents help and lulled consent (though there's no requirement that parents participate at all), that Build-A-Bear gives its customers a copy of its privacy policy, which comes tucked away in the packaging folks take home.

I really don't have any problem with Build-A-Bear's privacy policy, or the tie-ins with the virtual world (Build-A-Bearville) the company hopes your child will visit with his or her new stuffed friend. But though the policy looks good on paper, this is a case where the execution stinks. Parents and kids should not be urged or encouraged to give up personal data, and when they're asked to do so there should be some up-front reminders as to what is happening.

Harvesting data from children with cuddly creatures and cutesy keyboardsCory Doctorow likes to tell an anecdote about how today's children are becoming more and more inured to invasions of privacy. In his case, children in line at Disneyland thought it odd when he refused to supply a fingerprint. Here, kids are learning it's ok for a store to know quite a bit about them. Parents should make a stink about this sort of thing and be on the lookout for it.

(Bonus link: Kim Pallister, Can a stuffed bear hold the secret to game piracy?)

(Images by gitb and Brittany G, CC Attribution-2.0)

Topic: Legal

Denise Howell

About Denise Howell

Denise Howell is an appellate, intellectual property and technology lawyer who enjoys broad industry recognition for her expertise on the intersection of emerging technologies and law.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • A scary anectdote

    I remember, a few years ago while I was still in the Service, I'd come home on leave and went to a local minor league hockey game. Before letting us into the stadium, they did the wand test, and made us empty our pockets; if we had something like a camera phone, we had to put it back in the car, because obviously, a massive threat to Americans is the spectre of someone taking a crappy picture at an AHL game.

    We all watched this little four year old girl a couple spots ahead of me go forward, and VERY proudly extend her limbs and show the "nice" security guard her pockets; to her, she was being a Good Girl, and she was very proud of herself.

    Everyone around her was very impressed with her, and her obedience... except me. Someone went "Oh, that's so adorable!", and I - in front of her parents - went "Oh, no, that's so SCARY!", and when questioned by everyone (because obviously, me expressing concern about this means I really love Osama Bin Laden and hate America, Apple Pie, Jesus and Republicans), I reminded them that 1) we're entering into an Orwellian society if we're not careful, 2) I was an active duty serviceman, and 3) my Aircraft Carrier, to come onboard, didn't have security as ridiculous as that.

    Companies that seriously do want to do data mining, and continually want to set how much data we give and how many limits we have on things that we own, they aren't really looking to our generation; they're looking to make the young ones comfortable with not having little freedoms like this. They already are; why do market research when people willingly give away their lives on Facebook?
  • RE: Harvesting data from children with cuddly creatures and cutesy keyboard

    I think you worry to much Denise.

    "Here, kids are learning it???s ok for a store to know quite a bit about them."

    This is after watching Mom and Dad pump their details into Ebay, Amazon and Apple.com. How does little Timmy know there's a checkbox marked "Don't contact me about anything ever please."? He doesn't.

    It's up to the parents to educate their children about the hazards of giving up too much data. It's up the parents to say to the employees "How do you use this data?" and "Can I see your privacy policy before I continue?"

    On top of that, how many of those people you witnessed filling in their details at the workshop would actually read the privacy policy or any privacy policy on any website or form they fill in for that matter? A minority I would wager. Privacy policies and Terms and Conditions, for most people, are just another hurdle on the path to heavenly consumerism. How you get people to read and react to this information is something that not just the Build-a-Bear workshop needs to address.

    Besides, if littly Timmy loses his Build-a-bear bear and someone drops it into a Build-a-bear workshop, they scan the label and know exactly who lost it. Then they'll ship it back to your free, having mended any damage to the bear.

    For my child, that's worth the extra personal details.
  • RE: Harvesting data from children with cuddly creatures and cutesy keyboard

    I think that y'all are over-reacting a little here.

    They actually use this data for good, not evil. As I understand it, each bear has its own unique ID number. If someone loses their bear, and someone else finds it and turns it into the shop, the shop can look up that number, find the child's name, address, and phone number, and contact them to let them know that their bear is OK.

    Every bit of information that's listed in the excerpt can be used for good: Contact info for returning lost bears, birthday for sending birthday cards, and gender for personalizing messages sent from the company to the child.

    And seriously, if you're worried that the Build-a-Bear Workshop knows that your little Sally is a girl, you've got paranoia issues.

    (Also, to I post this comment, I had to fill out a long survey from ZDnet to get my membership set up, including my personal information like my email address and street address. Pot, meet kettle.)
  • @m.pearce and @JDHBiz

    My problem is not with the collection of data or the type collected; it's with the sneaky way it's done. When you input your information for a ZDNet login, it was in context. You were told what was required and what wasn't. Build-A-Bear doesn't present its privacy policy up front, or conspicuously indicate what is and is not "required." Finally, the creepiest part of it for me is the atmosphere and presentation of the in-store data-entry stations, which masquerade as something educational or developmentally beneficial, but really are just a means to a commercial end the parents might well object to if presented in another context. These strike me as the same parents giving themselves nightly headaches over Facebook and MySpace, being lulled into submission as it were. (Can you imagine the outcry if MySpace or Facebook were to make it this attractive for kids to give up personal data? Makes Joe Camel seem almost benign.)
    Denise Howell