The Federal Trade Commission said today that the electronic toymaker VTech Electronics has agreed to settle for a fine of $650,000 to be paid within the next seven days after charges that it violated children’s privacy. The Hong Kong-based VTech is also the parent company of LeapFrog, a popular brand for educational entertainment for children.
Under the Children’s Online Privacy Protection Act (COPPA), companies are required to disclose information collection practices and obtain consent from parents when collecting information from children under age 13.
“As connected toys become increasingly popular, it’s more important than ever that companies let parents know how their kids’ data is collected and used and that they take reasonable steps to secure that data,” Maureen Ohlhausen, the acting FTC chairman, said in a statement on the FTC website. “Unfortunately, VTech fell short in both of these areas.”
The settlement dates back to the 2015 data breach that VTech suffered. By November 2015, about 2.25 million parents had registered and created accounts on VTech’s platform for almost 3 million children. At the same time, VTech was informed by media that a hacker had accessed its computer network and children’s personal information.
Although VTech has agreed to pay the fine, in a press release it says, “VTech does not admit any violations of law or liability.” And VTech still claims on its site that its smart device and app have been designed to be the “perfect tech toy for kids” with children’s safety and security in mind.
In addition to the monetary settlement, VTech is also required to start running a comprehensive data security program that will be subject to independent audits for 20 years.
Update January 9th, 7:57AM ET: This article was corrected to reflect that the sum was $650,000 and not $625,000.