VTech Lawsuit First FTC Case Involving Connected Toys

Today, January 8th, electronic toy manufacturer VTech agrees to settle FTC Chargers alleging the company violated both U.S children’s privacy law and FTC Act. This marks the first FTC case involving children’s privacy security through connected toys.

The Department of Justice filed a complaint on behalf of the FTC which claims that VTech collected personal information from children without parental approval. Their electronic toys used “Kid Connect” app collected information without notice to parents, violating the Children’s Online Privacy Protection Act (COPPA). What’s more the FTC claims that VTech failed to take reasonable steps to secure the personal data it collected.

COPPA protects online personal data of children under 13 years of age by requiring companies follow steps to ensure the information is safe and clearly disclosing collection practices to parents. The company has to let parents know how this information will be used and verify their consent. By November 2015 approximately 2.25 million parents registered nearly 3 million children on VTech’s online platform, Learning Lodge Navigator. Learning Lodge collected personal information from parents and provided downloads for the Kid Connect app (638,000 accounts) and Planet VTech (130,000 accounts) web gaming and chat platform. Personal information of children was collected through the app. The collected data included parents name, email address, children’s name, date of birth, and gender.

VTech violated the FTC Act by falsely stating in its privacy policy that the personal information collected from users through its web-based applications would be encrypted and protected. None of the information was encrypted nor did it take reasonable measures to protect the confidentiality, security, and integrity of the personal information they collected from the children. In November 2015 a journalist found that VTech had been hacked and the personal data collected from the Kid Connect app was accessed. VTech has agreed to pay the settlement of $650,000 and is permanently prohibited from violating COPPA in the future and misrepresenting its security and privacy policies. In the Settlement the FTC required VTech to implement a comprehensive data security program, subject to independent audits for the next 20 years.

The full press release can be found here.

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email