Lots of kids will be gifted connected toys this holiday season, and while I'm all for spoiling children, I also suggest thinking about the risks that come with an internet-connected plaything. Many of these devices connect to the web or rely on companion apps, and most of them collect data about your child. Beyond security vulnerabilities, the way these companies treat data is worth considering.

Mattel's Hello Barbie, for example, lets kids talk to their doll. The doll can carry a simple conversation and will remember its owner's likes and dislikes. A company called ToyTalk provides the voice recognition software and processes all the voice data it receives. The company explains in its privacy policy that it uses that voice data to improve its own product. It says:

We may also use, store, process, convert, transcribe, analyze or review voice recordings (along with text and transcriptions derived from the voice recordings) in order to provide, maintain, analyze and improve the functioning of the speech processing services, to develop, test or improve speech recognition technology and artificial intelligence algorithms, to develop acoustic and language models, and for other research and development and data analysis purposes.

Basically, the data your child gives to Hello Barbie, whether it's intentional or not, lives on ToyTalk's servers and the company can access it whenever it wants. It shares information with other third parties, too, including vendors that help maintain the technology.

Now, it might not bother you that your kid's voice data improves ToyTalk's software. You're technically improving their own toy, too. But at the same time, once that data is out there, it's difficult to recall. Data often spreads far and wide, and it's transferred from company to company during acquisitions. Who knows where those files could ultimately end up.

None of this might matter to you, and that's fine. Just please, read the privacy policy for your kid's toy before handing over parental permissions.