Enhance Parental Control in Smart Toys
Problem Summary
Smart toys introduce significant privacy concerns related to protecting children's data. Existing privacy control tools are often complex and not user-friendly, making them challenging for parents and guardians, who typically lack technical expertise.
Rationale
To assist parents in protecting children's privacy in the dynamic environment of smart toys by filling the existing gaps in privacy control tools, making them more usable, standardised, and comprehensive.
Solution
To enhance the privacy control tools for smart toys by making them more user-friendly and effective in protecting children's privacy.
Albuquerque et al. [1] noted the absence of a standardised reference solution in the literature and proposed a comprehensive framework to fill this gap.
They developed a conceptual model for a smart toy parental control tool to address the limitations of existing solutions.
First, they elicited a set of requirements for parental control based on scientific and technical literature. Then, they structured a model using Unified Modelling Language (UML) diagrams, focusing on key features like creating a user profile, establishing privacy rules, and managing them. For user profile creation, parents provide contact details, agree to updates, input the child's data, consent to agreements, and authenticate access. Privacy rule creation involves specifying rule details, configuring access controls, and reviewing the rule. The tool allows parents to manage, view, edit, or delete privacy rules, with an option to choose predefined templates.
A proof-of-concept app and its source code are available at https://github.com/OtavioAlb/ParentalControlPrototype.
Salgado et al. [2] addressed the usability challenges in smart toy privacy control interfaces. The authors' structured process included an open Card Sorting with potential users, followed by cluster analysis and a comparison with the nutrition label model (by Kelley et al.). They collected 30 valid responses and observed two main branches in the resulting dendrogram, indicating a distinction between terms related to privacy policies and the creation of privacy rules.
The authors also prototyped (using Marvel App) a parental control as an Android-like version of an existing model and then adapted the nutrition label model based on Card Sorting and cluster analysis results. They used a mini-Information Architecture (mini-IA) process to reshape the nutrition label into a more user-friendly interface, aligning with Western reading styles. Google's Material Design guidelines and assets from the Marvel App prototyping tool were utilised in the process.
Overall, the authors' findings suggest that adopting the nutrition label model and consolidating rules in a single interface could enhance the efficiency of parental controls, saving users time and effort. Icons from the nutrition label were updated for better visibility on mobile screens, aligning with Google Material Design symbols. This approach improved usability and streamlined the process of creating privacy rules for various services.
Platforms: smart devices, mobile devices
Example
Template-based privacy rule creation option [1].
Three main screens of the parental control: manage rules, parent area, and support area [1].
Parent profile creation [1].
Parental control prototype [2].
Use cases
- Empowering parents to protect their children's privacy with parental privacy controls.
Pros
- Adopting the nutrition label model simplifies privacy rule creation by consolidating all rules into a single interface, potentially saving users time and effort [2]. A survey study revealed high user appreciation for the functional requirements, indicating the proposed solution's suitability for theoretical and practical applications [1].
Cons
- The study acknowledges limitations in generalising the proposed conceptual model beyond countries covered by major privacy policies (COPPA, PIPEDA, GDPR, SIP-BENCH III), such as the USA, Canada, and the European Union [1]. Although the final prototype was not validated with users, it was built based on a card sorting experiment to group privacy-related contents in the proposed design [2].
Privacy Choices
This guideline discusses the characteristics of privacy choices in smart toys, emphasising the need for more standardised and usable privacy controls. These considerations align with the broader design space of privacy choices, acknowledging the complexity and variability inherent in how users make informed privacy decisions.
Considering the design space for privacy choices [3], this guideline can be applied in the following dimensions:
- On-demand
This guideline can be applied on-demand since the proposed solutions incorporate elements of on-demand privacy choices by allowing users to actively seek, locate, and adjust privacy settings based on their preferences and interactions with the system.
- At Setup
This guideline can be applied at setup since the proposed solutions consider aspects of obtaining user consent and allowing users to make privacy choices during the setup or initial interaction with the system.
- Visual
This guideline presents solutions designed to be delivered visually in the form of text, images, and icons.
- Feedback
This guideline presents solutions that can provide timely feedback on privacy choice status, especially in scenarios where immediate adjustments are possible.
- Enforcement
The solutions presented in this guideline incorporate elements related to enforcing users' privacy decisions, considering various enforcement actions, and the ability to record and enforce changes in users' privacy preferences.
- Presentation
Privacy choices always have a presentation that involves a system providing clear and easily understandable information to users about potential data practices, available options, and how to communicate privacy decisions, often incorporating multiple components and integrating with related privacy notices, requiring careful consideration of design dimensions such as timing, channel, and modality [3].
This guideline presents solutions that incorporate elements that align with the definition of presentation of privacy choices, aiming for clarity, understanding of data practices, and effective communication with users regarding their privacy decisions.
- Primary
Although primary channels are limited in the IoT context due to a lack or limitation of user interfaces, this guideline can be applied in cases where such interfaces are available in the device's visual modality.
- Secondary
This guideline is suitable for secondary channels since interfaces may be limited in smart devices. "Websites and mobile apps are particularly suitable for privacy choices in the IoT context" [3].
Control
The discussed solutions are designed to give users more control over privacy preferences, decisions on data sharing, and interactions with smart devices, especially when a supervision relationship is involved. They address the core elements of control, allowing users to actively influence how service providers handle personal data [4].
Other related privacy attributes:
This recommendation also helps in communicating data collection to users, facilitating the visualisation of the collected data [4].
This guideline also addresses transparency since it can offer clarification before consent.
References
[1] Otavio de Paula Albuquerque, Marcelo Fantinato, Patrick C.K. Hung, Sarajane Marques Peres, Farkhund Iqbal, Umair Rehman, and Muhammad Umair Shah. Recommendations for a smart toy parental control tool. J Supercomput 78, 2022, 11156–11194. https://doi.org/10.1007/s11227-022-04319-4
[2] André de Lima Salgado, Felipe Silva Dias, João Pedro Rodrigues Mattos, Renata Pontin de Mattos Fortes, and Patrick CK Hung. Smart toys and children's privacy: usable privacy policy insights from a card sorting experiment. In Proceedings of the 37th ACM International Conference on the Design of Communication, 2019, 1-8. https://doi.org/10.1145/3328020.3353951
[3] Yuanyuan Feng, Yaxing Yao, and Norman Sadeh (2021). A Design Space for Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things. In CHI Conference on Human Factors in Computing Systems (CHI ’21), May 8–13, 2021, Yokohama, Japan. ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/3411764.3445148
[4] Susanne Barth, Dan Ionita, and Pieter Hartel (2022). Understanding Online Privacy — A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines. ACM Comput. Surv. 55, 3, Article 63 (February 2022), 37 pages. https://doi.org/10.1145/3502288