The internet of toys: Working towards best practice in digital governance and the recognition of children’s rights in mediated contexts

Author Identifier

Francesca Stocco

Date of Award


Document Type

Thesis - ECU Access Only


Edith Cowan University

Degree Name

Doctor of Philosophy


School of Arts and Humanities

First Supervisor

Lelia Green

Second Supervisor

Cecilia Das

Third Supervisor

Kylie Stevenson


The Internet of Toys (IoToys) is a catch-all concept. Defined as “where toys not only relate one-on-one to children but are wirelessly connected to other toys and/or database data” (Holloway & Green, 2016, p. 506), children’s connected toys have been known to foster educational, social and interaction benefits. The benefits of IoToys are counterbalanced, however, with potential data privacy and security issues of children’s connected toys that have been raised by commentators and parents. These critiques have been widely circulated in the public sphere. In the lead up to the Christmas period (2018–2019) the candidate helped conduct a content analysis of media, policy and commercial discourses (n=~300+). Discussions around data privacy and security led to the identification of three children’s connected toys for particular attention in this thesis. These were: My Friend Cayla, a cloud-based interactive toy doll which has been withdrawn from the market; Parker Bear, an Augmented reality toy; and Fitbit Ace 2, a children’s fitness tracker. A step-by-step walkthrough following recommendations by Light et al., (2018), was applied to parents’ perspective of registering an account for their child in order to inspect the transparency of account creation for accessing toys’ companion apps. The vagueness protocols of Reidenberg et al., (2016) and Bhatia (2019) were amalgamated with the rhetorical language perspective of Pollach (2007), to inform a Constant Comparative Analysis (CCA) audit of the toys’ Terms of Service (ToS) documents, especially privacy policies. This CCA audit adopts an overarching linguistics perspective to explore the potential use of vague and ambiguous terms which companies could choose to address if they wished to adopt best practice in communicating privacy provisions. A case study methodology incorporates the CCA audit to explore IoToys companies’ compliance with the Children’s Online Privacy Protection Act (COPPA, US) and General Data Protection Act (GDPR, EU) relating to Parker Bear (US) and Fitbit Ace 2 (EU). This thesis concentrates upon these two latter toys to advance policy/regulatory development within a e-privacy context while embracing a children’s rights-based perspective.



Access Note

Access to this thesis is embargoed until 3rd January 2029

Access to this thesis is restricted. Please see the Access Note below for access details.