Toniebox 2: Security and data protection – important information

by Estelle

The Toniebox 2 relies on encryption and individual device IDs for security and data protection. Nevertheless, the transfer of data before users have consented and the collection of usage data draw particular criticism.

Security and data protection for the Toniebox 2

Toniebox 2 is the latest generation of the popular, child-friendly audio system that offers audio plays, music, and interactive stories for children aged one and up. In addition to technical innovations such as more memory and interactive play functions, security and data protection play a central role—especially because the target audience is very young and parents place particular importance on privacy protection.

  • The Toniebox 2 communicates with the Toniecloud via Wi-Fi to download content and receive updates. Each device has an individual client certificate and a unique Toniebox ID, which enables secure authentication with the Toniecloud.
  • The Toniebox ID is linked to the customer account, which is also required to use many features, especially the Creative Tonies. During initial setup, the Toniebox ID is verified to ensure that only authorized devices can access the Toniecloud.
  • However, various data is transmitted while the device is in use. This includes, among other things, the IP address, a timestamp, information about which Tonie figure is currently being used, and some interactions and usage behavior (such as volume changes or fast-forwarding).
  • According to the company, this data is used for product improvement and customer benefit. At the same time, the company is obliged to randomly check uploaded content for legality, which some see as an invasion of privacy.

Criticism and negative aspects

Consumers and consumer protection advocates are particularly critical of the fact that data is transferred even before consent to the privacy policy has been given. According to experts and independent IT security institutes, this violates the EU General Data Protection Regulation (GDPR).

  • Although the Toniebox 2 does not store any explicit personal data, its usage data allows conclusions to be drawn about the age or gender of the child. This is problematic for many reasons, especially because no explicit consent is given for it.
  • In addition, some criticize the extensive access rights of the accompanying Tonie app, which collects more data than is necessary for its operation.
  • Parents should therefore carefully check the privacy settings and, if necessary, object to the use of their data.
  • The mandatory customer account also poses a hurdle for some, as it is hardly possible to use the Toniebox to its full potential without registering.

Safety measures of the Toniebox 2

The Toniebox 2 is robustly built, designed with children in mind, and works without a screen – which ensures both less distraction and greater safety.

  • Wireless communication with the Toniecloud is encrypted using individual certificates to prevent unauthorized access.
  • In addition, according to the manufacturer, all personal data is confidential and protected in accordance with legal requirements (GDPR, BDSG). Data is only passed on to third parties in limited cases, e.g., for customer service or shipping.
  • The Tonie figures contain NFC chips that are recognized locally on the box, so that once content has been downloaded, no permanent internet connection is necessary, which reduces the risk of data leaks.
  • Parents can reset the Toniebox to factory settings to delete personal content, which is highly recommended before passing the device on to someone else.
