A scenario where dolls come alive and start talking back to children sounds like a scene from an upcoming horror movie, but the new “Hello Barbie” doll has made such a scene a reality. Even though these new models of Barbie dolls may not have plans to take over the world, the impacts of such technologies could have horror-movie-level implications for privacy.
To understand the potential privacy implications of the new doll, it proves useful to first properly conceptualize the potential privacy areas of concern for the doll. Dan Solove’s privacy taxonomy views privacy through the lens of impact in four areas: information collection, information processing, information dissemination, and invasion. In the context of the new doll, information collection and information processing are both readily applicable. Information dissemination or invasion could also potentially apply in the event of breach of security of the data collected, but for now we will focus on the first two categories.
Hello Barbie dolls work by constantly collecting the conversations children have with the doll, and using that data (processing) to improve the doll’s responses. For the doll to properly collect data, it must follow standards of Notice and Consent. That is, users of the doll must be notified and must agree to have their data used in this manner. Because the doll does not have a direct screen, however, it proves difficult to notify users that their data is collected. As Meg Jones notes, these challenges are not unique to Hello Barbie. The lack of screens in Internet of Things objects makes it difficult to achieve Notice and Consent. On the other hand, though, a recent report from PCAST on Big Data and Privacy suggested that Notice and Consent alone is no longer sufficient to ensure privacy.
Ryan Calo’s assessment of robotic privacy risks in “Robots and Privacy” helps contextualize the social ramifications of a child using a Hello Barbie for companionship. Calo suggests that our tendency to anthropomorphize robots could cause us to feel less comfortable around them. While this may not necessarily be the case with the new doll, its humanistic qualities may deprive children of ever feeling alone, limiting their ability to reflect.
The final challenge to Hello Barbie privacy is specific to information processing. While people would naturally feel more appalled by human processing of Hello Barbie conversations, Jay Stanley would suggest that the real privacy violation, the consequences, would remain the same. No matter what, processing conversations will improve the Barbie’s ability to communicate, thus rendering it more valuable to the child and potentially giving it the access to acquire more data about the child. While a human processing the data inherently appears more damaging to privacy, both humans and machines could similarly have consequences with respect to the technology.
These considerations all suggest that the regulation of new technologies such as Hello Barbie will prove difficult. While minors are a protected group and various regulations exist to protect their data, privacy challenges remain. As Ryan Calo suggests in “The Drone as a Privacy Catalyst,” clear privacy violations help rally support around privacy legislation. New legislation could mandate strict Access Control Levels (ACLs) in the new technology or require regular reviews of audit logs if a human processes the data. However, privacy concerns will remain, and it is the role of policy to say “Hello, Barbie. I like how you learn from conversations, but you’d better preserve privacy too.”