Uncle Sam took out his regulatory stick recently and rapped the knuckles of a Hong Kong toy company, fining it $650,000 ─ a civil penalty that also may serve as a potent reminder to Hollywood, video game manufacturers, and any other makers of electronic entertainments targeted at kids that they must protect vulnerable youngsters and their privacy or face public opprobrium and federal penalties
The case involving VTech Holdings Ltd. and the Federal Trade Commission also pushed the technological bounds of regulators’ oversight on youngsters’ cyber privacy. The FTC earlier had warned companies about their child-targeted web sites, apps, and devices.
But the VTech case also advanced agency action in protecting youngsters using wi-fi connected products, items that are part of the galaxy of uses known as the Internet of Things (IoT). Makers see great promise in IoT devices large and small because they rapidly can become smarter, more sophisticated, and more feature-laden with their web connection and without the need for heavy onboard smarts and hardware.
IoT devices also have greater vulnerabilities to hacking, which VTech acknowledged occurred to the company ─ not necessarily through its products but through an area in which they and their software get tested.
Too easily hacked, too much data bared
The FTC, in a complaint, blasted VTech not only because of the ease in which it got hacked but also the wide and deep information that then was exposed on millions of parents and youngsters.
This included required product registration data including parents’ full names, physical addresses, emails, site passwords, and a secret Q&A for password retrieval, as well as children’s names, dates and years of birth, and gender. Depending on the account for company services, parents also might have supplied profile photos of themselves and their children, the FTC explained on a blog on its web site.
Yet even as it created this extensive customer database, including information it knew involved children, VTech, the FTC said, failed “to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information.”
‘98 privacy act has more pertinence now than ever
Its flawed systems, of course, put Vtech ─ and its American subsidiary, based in Illinois ─ in the regulatory bullseye for violation the 1998 Children’s Online Privacy Protection Act. The act, aka COPPA, requires companies to “take reasonable measures to protect the confidentiality” of personal information of children as well as “disclosing to parents the information it collects.”
The agency also has scrutinized privacy practices with apps and in-game features by conducting surveys “examining what information kids’ app developers are collecting from users.” The agency also strengthened the Children’s Online Privacy Protection Rule to widen protection for youngsters.
In 2015, the FTC reached at least two notable settlements, with LAI Systems LLC, and Retro Dreamer. The FTC formally accused LAI of COPPA violations for “failing to obtain verifiable parental consent” before collecting children’s personal information. The agency asserted that Retro Dreamer had violated the act by failing “to provide direct notice to parents of the information.”
Big and burgeoning revenues at stake
Apps, games, and other entertainments continue to burgeon, with some experts estimating they make up a market with annual revenues exceeding $40 billion ─ and they’re expected to grow, especially as those tied to existing entertainments like television shows and movies improve in quality and features. Hollywood has run afoul of kid privacy protections, notably in a 2016 case involving the New York Attorney General and Viacom, Hasbro, Mattel, and JumpStart Games Inc., even as apps and games themselves, in turn, also have been spinning into full-blown movies and productions.
With entertainment enterprises and game makers pushing ahead with augmented- and virtual-reality products, as well those tapping artificial intelligence ─and with young and increasingly younger consumers becoming earlier and earlier technology adopters ─ it’s hard not to see Uncle Sam, advocacy groups for parents, kids, and families, and, yes, cybersecurity experts stepping up and in with new and growing concerns about protecting a curious but especially vulnerable audience.