Earlier this week, toymaker VTech (who own the Leapfrog brand) came to a settlement with the Federal Trade Commission (FTC) over a lawsuit that claimed the company violated children’s privacy. VTech will pay a $650,000 fine, and have agreed to begin a 20-year data security program.
This constitues a violation of the Children’s Online Privacy Protection Act (COPPA), which requires companies to gain consent from parents when collecting data from children under 13, and also requires them to properly and accurately discolse their data collection practices.
In response to the settlement, Acting FTC Chairman Maureen K. Ohlhausen said:
As connected toys become increasingly popular, it’s more important than ever that companies let parents know how their kids’ data is collected and used and that they take reasonable steps to secure that data. Unfortunately, VTech fell short in both of these areas.”
This isn’t the first time that Hong Kong-based VTech have faced issues related to their treatment of children’s information; three years ago the toymaker was hacked, exposing the personal data of 6 million children and 5 million adults.
However, VTech have still not admitted any wrongdoing. The settlement of the fine does not constitute an admission of guilt, or of in any way violating the law.
Whether or not their practices will change in response to this relatively small fine remains to be seen.