FTC announces settlement with toy robot makers that tracked location of children
The Federal Trade Commission announced a settlement Tuesday with a Chinese robot toy manufacturer, following an investigation that charged the company with illegally collecting the location data of U.S. children who buy its products.
In a complaint filed in the U.S. Northern District Court of California, the Department of Justice on behalf of the FTC charged Shenzhen, China-based Apitor Technology — makers of programmable robot toys for children — of violating U.S. federal law by tracking the geolocation of users under the age of 13 through an online app that users download to operate the robots.
Apitor collected this data without informing parents or asking for permission, the FTC said, violating parental consent requirements in the 1998 Children’s Online Privacy Protection Act.
This collection, ongoing since at least 2022, “subjects underage consumers to ongoing harm and deprives parents of the ability to make an informed decision about the collection of their children’s location information,” the FTC alleged in its complaint.
“Apitor allowed a Chinese third party to collect sensitive data from children using its product, in violation of COPPA,” Christopher Mufarrige, director of the FTC’s Bureau of Consumer Protection, said in a statement. “COPPA is clear: Companies that provide online services to kids must notify parents if they are collecting personal information from their kids and get parents’ consent — even if the data is collected by a third party.”
The toys made by Apitor are sold on Amazon and other online marketplaces, marketed to children between the ages of 6-14, and promise educational benefits such as teaching children coding skills.
Apitor’s products come with a companion application, downloadable on Android and iOS mobile devices, for children to remotely control the robots. It also included a third-party software development kit called JPush, made by a Chinese phone developer and analytics company, that collects “the precise geolocation data for thousands of children,” the agency said.
The company’s own privacy policy expressly affirms its intentions to adhere to U.S. law, at one point stating “[w]e are committed to complying with the Children’s Online Privacy Protection Act” without disclosing the tracking of geolocation data through JPush.
In a proposed order detailing terms of the settlement, Apitor did not admit or deny the allegations but agreed to pay a $500,000 civil fine for previous violations and delete collected geolocation data or obtain express parental consent from each user.
The company also agreed to 10 years of compliance monitoring and must include a “clear and conspicuous” disclosure in any visual, audible or electronic marketing about its robots that it intends to collect geolocation data — or any COPPA-protected personal data — and request explicit consent from parents before doing so.
