The Internet of Things (IoT) has already arrived, but do consumers really understand how these devices are gathering data?  And are companies such as Amazon complying with federal law with these new devices.  Some are concerned that Amazon’s “virtual assistant,” Echo, is violating the Children’s Online Privacy Protection Act (COPPA) in its marketing and collection of data.

An investigation by the Guardian has found that despite Amazon marketing the Echo to families with young children, the device is likely to contravene the US Children’s Online Privacy Protection Act (COPPA), set up to regulate the collection and use of personal information from anyone younger than 13.

The Center for Digital Democracy‘s executive director is concerned that this is the “first wave” of marketing IoT devices to children, “It is exactly why the law was enacted in the first place, to protect young people from pervasive data collection.”

Perhaps more concerning to parents may be that virtual assistant’s like the Echo have the ability, and in fact regularly do, store audio files of requests–including those from children–in the cloud.  This information is used to improve the product itself, but also to market new products to those using it, including children.

Khaliah Barnes of the Electronic Privacy Information Center (EPIC) bluntly explained the danger of these devices.

“Parents cannot reasonably review all the information that these ‘always on’ devices are collecting from children,” she says. “Then what about data security, hacking or when you walk into a home and you’re not aware there’s a recording device there?”

We hope that any company marketing IoT devices to the public recognizes the heightened deference that should be given to children’s privacy.  Of course, it doesn’t appear that all companies are reacting as such in an attempt to get ahead in the market place.