The Western Australian government has awarded nearly AU$350,000 to Edith Cowan University (ECU) to investigate the risks and benefits of internet-connected children's toys.
Researchers from the ECU's School of Arts and Humanities will use the funding to examine the implications of internet-connected toys on children's privacy and safety, the university said on Friday.
Dr Donell Holloway, who is leading the research, said the proliferation of internet-connected toys necessitates new policies to protect children's privacy.
"Children only see these as just another toy, perhaps with some special or extra abilities. But they are not necessarily thinking of privacy," Holloway said in a statement.
"We need regulations that clearly define who owns the huge amounts of children's data that is being collected and work out how we can ensure that children and their parents can control and hopefully retain ownership of their data."
Last month, an investigation by the Norwegian Consumer Council and security firm Mnemonic found internet-connected smartwatches for children contain a number of security vulnerabilities that allow hackers access to track the wearer's location, eavesdrop on conversations, or even communicate with the child user.
The investigation additionally found that with some of these devices, data is transmitted and stored without encryption.
According to another security researcher Troy Hunt, CloudPets maker Spiral Toys had left 2.2 million children's voice recordings and account information of more than 820,000 users exposed, leading to hackers stealing and ransoming user data on multiple occasions.
Two weeks prior to that German regulators warned that the My Friend Cayla doll could compromise the privacy of children, though fears around children's privacy had intensified with the release of the interactive talking Hello Barbie doll in 2015 and subsequent claims from researchers that the doll had cybersecurity flaws.
The ECU research project will, however, also look into the potential benefits of internet-connected toys on children.
"It's not all doom and gloom. There are plenty of positives to these toys. But the toy industry has moved along fairly quickly without pausing to think through some of these issues," Holloway said.
Last year, the Office of the Australian Information Commissioner found that 71 percent of IoT devices and services used by Australians failed to adequately explain how personal information was collected, used, and disclosed.
Over the past year, the need for privacy and security standards in Australia has been heavily advocated for, though nothing has come to fruition yet.
As a precursor to those standards, the Internet of Things Alliance Australia this week published its data best practice guide for B2C IoT device and service providers, outlining principles around customer protection, accountability, customer empowerment, cyber protection, customer data transparency, data minimisation, and customer data control.
PREVIOUS AND RELATED COVERAGE
When IoT devices are everywhere, the security headaches just get worse.
The federal government has committed AU$4 million worth of grants for the creation of entrepreneurial workspaces for children across the country.
While many remain concerned about the security of connected devices, a growing number of Australians are getting comfortable with the idea of paying via the Internet of Things.
IoT connected teddy bear leaks millions of kids' conversations, exposed database to blame (TechRepublic)
CloudPets connected stuffed animals recently leaked 2.2 million voice recordings of parents and children, due to poor database security.