FTC Alleges Amazon Toy Seller Violated Children’s Privacy
A Chinese toy seller violated children’s privacy law by allowing a third party in China to collect children’s geolocation data without parental consent, the FTC alleged in an enforcement action announced Wednesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Apitor enabled a third-party software development kit to collect location data from Android users and use it for any purpose, including advertising to children, the FTC said. The company allegedly failed to obtain parental consent for collecting data on users younger than 13, which is required under the Children’s Online Privacy Protection Act (COPPA) rule.
The FTC’s proposed order for settling the claim includes a $500,000 penalty, which the agency said is suspended because the company can’t pay. Apitor will need to notify parents before it collects such data, obtain parental consent, delete children’s data if parents request it, and retain data only “as long as it is reasonably necessary” to fulfill intended business purposes, the FTC said.
Apitor develops and markets robot toys sold on Amazon, according to filings. Consumers must download an app in order to program and operate the toys, which are designed for children between the ages of six and 14.
The company’s “failure to provide notice and obtain parental consent to its practices subjects underage consumers to ongoing harm and deprives parents of the ability to make an informed decision about the collection of their children’s location information,” the FTC said in its complaint.
The commission voted 3-0 to refer the complaint and the proposed stipulated order to DOJ, which filed the complaint with the U.S. District Court for the Northern District of California.
Apitor didn’t comment Wednesday. Amazon didn’t comment.
FTC staff issued an advisory Wednesday reminding companies that COPPA is broad and covers third-party software apps. Staff recommended companies assess whether their software development kits are operating in a way that could cause COPPA compliance issues. Companies should read SDK vendors’ privacy policies to “ensure they’re consistent with your own company’s privacy policy and with COPPA,” said staff.
This case shows COPPA enforcement will be a “key priority” for the Trump administration, said staff: The FTC “will continue its efforts to keep Americans first in the marketplace by protecting families and children from unlawful practices.”