VTech has updated their Terms & Conditions (T&C) to hold parents responsible for any future data breaches, but is it legal?
In November of 2015 VTech suffered a data breach which left 200,000 children’s personal information exposed. The action that VTech has chosen to take moving forward is rather surprising. The company has decided to update their T&C to shift the responsibility of any future leaked data to that of the parents. According to ITPro, VTech’s new clause in the T&C reads as follows:
“You acknowledge and agree that any information you send or receive during the use of this site may not be secure and may be intercepted or later acquired by unauthorized parties.”
This attempt to shift the responsibility onto the parents is legally questionable. According to the UK data protection legislation, any company who obtains the personal data of their consumers is then accountable for said data.
Concern is raised by security expert, Troy Hunt, as he reported that many times the T&C or End User License Agreements (EULA) goes unread. Unfortunately, not reading the T&C and EULAs leaves us, as consumers, vulnerable as we are unaware of what we are agreeing to. Realistically, this is not uncommon. Many times we check the “I accept” box too eagerly, and leave ourselves open to many things we may or may not agree with.
PC Pitstop did an experiment with their own EULA in 2005 and 2015. A special consideration was added both years to the company’s EULA, and it took thousands upon thousands of downloads before anyone noticed. Hopefully, with the exposure of these experiments, as well as the knowledge of what VTech is attempting to do, consumers will be more apt to read the T&C and EULA before saying “I accept”.