The FTC's complaint accused the company of collecting the personal information of hundreds of thousands of children through an app called Kid Connect that was used with some of VTech's electronic toys. VTech will pay the FTC $US650,000 over charges it violated the Children's Online Privacy Protection Act (COPPA) and "failing to take reasonable steps to secure the data it collected", according to an FTC statement released this week. The two are part of Hong Kong-based VTech Holdings Ltd.
Hong Kong-based digital toy and gadget maker VTech Holdings has agreed to pay Dollars 650,000 to settle a lawsuit filed by the US Department of Justice on behalf of the Federal Trade Commission (FTC) for violation of online privacy laws for children.
In addition to the monetary settlement, VTech is permanently prohibited from violating COPPA in the future and from misrepresenting its security and privacy practices as part of the proposed settlement.
At the end of 2015, details about a massive security breach at VTech emerged, revealing that hackers broke into the company's servers, gaining access to the customer accounts of nearly five million parents and over six million children worldwide.
Children's information was linked to their parents' so that the hacker could tie a photo found on a kids' account to their physical address, according to the complaint.
In its complaint, the FTC had claimed VTech collected personal information from parents on an online platform called Learning Lodge Navigator, where the Kid Connect app could be downloaded. VTech will also agree to a stricter set of compliance requirements, including regular third-party security audits to check whether it is properly storing and encrypting its collected information, and to make sure it is getting express consent from parents before it collects and personal information. Currently, both web-based platforms are unavailable.
VTech spokeswoman Kaleigh Steinorth said the company did give notice and get parents' consent and designed Kid Connect in a way that ensured parents knew how the system worked and what information would be collected. Yet VTech did not encrypt the information, the agency stated. "Following the cyberattack incident, we updated our data-security policy and adopted rigorous measures to strengthen the protection of our customers' data".
The FTC has pursued numerous cases alleging violations of federal privacy law over the years against developers of online games and apps.
Numerous technology companies, including Facebook and Google, have been pushing to reach younger audiences with their products.