Together with the security firm Mnemonic, the Norwegian Consumer Council tested several smartwatches for children. Our findings are alarming. We discovered significant security flaws, unreliable safety features and a lack of consumer protection.
“It’s very serious when products that claim to make children safer instead put them at risk because of poor security and features that do not work properly,” says Finn Myrstad, Director of Digital Policy at the Norwegian Consumer Council.
“Importers and retailers must know what they stock and sell. These watches have no place on a shop’s shelf, let alone on a child’s wrist.”
The Consumer Council is referring the manufacturers to the Norwegian Data Protection Authority and the Consumer Ombudsman for breaches of the Norwegian Personal Data Act and the Marketing Control Act. These legal acts are based on the EU’s Data Protection Directive and the Directive on unfair terms in consumer contracts, and thus constitutes a breach of EU law. The watches are available in multiple EU member states (see below for an overview).
The watches have continued to be actively promoted after the Norwegian, European, and international contact points of the companies were warned of the findings.
Serious security flaws
Through a few simple steps, a stranger can take control of the watch and track, eavesdrop on and communicate with the child. They will be able to track the child as it moves or make it look like the child is somewhere it is not. Some of the data is transmitted and stored without encryption.or
False sense of security
The SOS function in the Gator watch, and the whitelisted phone numbers function in the Viksfjord, are particularly poorly implemented. The alerts that are transmitted when the child leaves a permitted area are also unreliable.
Illegal or non-existent terms and conditions
Some of the apps associated with the watches lack terms and conditions. It is also not possible to delete your data or user account. These are clear breaches of both the Norwegian Marketing Control Act and the Personal Data Act.
See how the watches fail
Importers and manufacturers notified of the findings
Ahead of publication of the report, the Consumer Council alerted the Norwegian Data Protection Authority, which in turn notified the importers and manufacturers in question to allow them to rectify the issues. The manufacturers of the watches claim that some of the security flaws have now been fixed. For more informastion; GPS for barn, Gator Norge, Tinitell and Xplora.
“Yet again, as with the #toyfail-report, we are seeing how many internet-connected products fail to comply with consumer and data protection laws, in addition to basic security standards. The industry and the authorities both have a responsibility for ensuring that consumers are not put at risk by unsafe products,” Finn Myrstad stated.
Consumer organisations in Europe and the US will also be pursuing our findings with their respective authorities, both nationally and at an EU level.
- We would refrain from buying these smartwatches until features and security standards are satisfactory.
- Ask the seller for your money back and point to the security failings, the features that do not work and the privacy breaches.