German watchdog group the Bundesnetzagentur (Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railway) warns that hackers can use Cayla to steal personal data through an unsecured Bluetooth connection. It's already removed the doll from store shelves, and it's encouraging parents to take precautions.
"Items that conceal cameras or microphones and that are capable of transmitting a signal, and therefore can transmit data without detection, compromise people's privacy. This applies in particular to children's toys. The Cayla doll has been banned in Germany," said Bundesnetzagentur President Jochen Homann. "This is also to protect the most vulnerable in our society."
Over 18 privacy groups filed complaints with the US Federal Trade Commission and the European Union about connected toys like My Friend Cayla last year. They claimed manufacturer Genesis Toys and its tech partner Nuance violated deceptive practices and privacy laws by recording and transmitting children's voices without permission.
Stories of hacked devices like headphones and pacemakers are unsettling, but the idea of compromised children's toys is extra creepy. Since the dolls use an unprotected wireless Bluetooth connection, anyone in the vicinity could potentially listen in to the conversation. A company could also use the toys to advertise directly to children, or it could sell the information it gathers to police and intelligence agencies.