Earlier this week, the Federal Trade Commission announced that it had reached a settlement with VTech Electronics Limited, a Chinese manufacturer of electronic learning toys, and its North American subsidiary over charges that VTech violated the Children’s Online Privacy Protection Rule (“COPPA”), a rule designed to “strengthen kids’ privacy protections and give parents greater control over the personal information that websites and online services may collect from children under 13.” The FTC’s complaint centered on three web-based platforms VTech created and maintained to support its numerous connected toys. The platforms are the Learning Lodge Navigator, a platform akin to Apple’s App Store that allows users to download games and content to their VTech devices; Kid Connect, a children’s messaging app for smart phones; and Planet VTech, an online platform that allows online game play and messaging between users. Each of these products allowed for children to share personal information or required registration from parents, including information such as a child’s name and age. In some instances, VTech stated that the collected information would be encrypted, which it was not.
While connected toy manufacturers may have taken the FTC’s relaxed position on COPPA violations relating to voice collection as comforting, the agency’s settlement with VTech is a clear sign that position does not signal a lack of attention focused on the industry or willingness to pursue action against its participants. Although other connected toy manufacturers may view VTech’s violations as egregious, they would be wise to take stock of their own data collection and storage practices to ensure they may not be engaging in similar, if not lesser, violations of COPPA. While the VTech settlement may mark the first such action against a connected toy manufacturer, it may not be its last.