Electronic toymaker VTech settles for $650,000 with FTC over children’s privacy suit

http://ift.tt/2m7Fy1p


The Federal Trade Commission said today that the electronic toymaker VTech Electronics has agreed to settle for a fine of $625,000, to be paid within the next seven days, after charges that it violated children’s privacy. The Hong Kong-based VTech is also the parent company of LeapFrog, a popular brand for educational entertainment for children.

The FTC alleges that VTech collected “personal information of hundreds of thousands of children” through its KidiConnect mobile app “without providing direct notice and obtaining their parent’s consent.” The personal information included children’s first and last names, email addresses, date of birth, and genders. VTech also allegedly stated in its privacy policy that such data would be encrypted, but did not actually encrypt any of it.

Under the Children’s Online Privacy Protection Act (COPPA), companies are required to disclose information collection practices and obtain consent from parents when collecting information from children under age 13.

“As connected toys become increasingly popular, it’s more important than ever that companies let parents know how their kids’ data is collected and used and that they take reasonable steps to secure that data,” Maureen Ohlhausen, the acting FTC chairman, said in a statement on the FTC website. “Unfortunately, VTech fell short in both of these areas.”

The settlement dates back to the 2015 data breach that VTech suffered. By November 2015, about 2.25 million parents had registered and created accounts on VTech’s platform for almost 3 million children. At the same time, VTech was informed by media that a hacker had accessed its computer network and children’s personal information.

Although VTech has agreed to pay the fine, in a press release it says, “VTech does not admit any violations of law or liability.” And VTech still claims on its site that its smart device and app have been designed to be the “perfect tech toy for kids” with children’s safety and security in mind.

In addition to the monetary settlement, VTech is also required to start running a comprehensive data security program that will be subject to independent audits for 20 years.



from The Verge http://ift.tt/1jLudMg
via IFTTT