The educational game company suffered a massive hack late last year that allowed third parties to access the data of over 200,000 children and many more parents; its reluanched site contains a new disclaimer that appears to attempt to avoid responsibility for future breaches.
A new clause of its terms and conditions states:
“YOU ACKNOWLEDGE AND AGREE THAT ANY INFORMATION YOU SEND OR RECEIVE DURING YOUR USE OF THE SITE MAY NOT BE SECURE AND MAY BE INTERCEPTED OR LATER ACQUIRED BY UNAUTHORIZED PARTIES.”
Legal experts contacted by Motherboard suggest that the clause is unenforcable.
Under a U.S. law known as COPPA, companies must both protect and anonymize the data of minors which access their services. Restrictions are even tougher in Europe, as detailed in this Gamasutra blog post on the VTech hack and the laws that it falls under.
Hong Kong-based VTech last week announced plans to acquire California educational game company LeapFrog Enterprises for $72 million.