Following a data breach that exposed the data of more than six million children, VTech’s app store and portal is back online. The company’s database was breached using a technique called SQL injection, this method is not new but is effective and has been used by hackers more recently to breach TalkTalk’s data.
VTech’s president stated in an email to customers, “After further strengthening our data protection, the Learning Lodge® service is now back online”.
However, it would appear that the terms and conditions for the portal have also been strengthened.
Section 7 of the terms and conditions, updated 24th December 2015, provides that,
“YOU ACKNOLEDGE AND AGREE THAT ANY INFORMATION YOU SEND OR RECEIVE DURING YOUR USE OF THE SITE MAY NOT BE SECURE AND MAY BE INTERCEPTED OR LATER AQUIRED BY UNAUTHORISED PARTIES”
Contained within the EU Charter of Fundamental Rights is a provision for the protection of personal data, under EU law this obligation to secure data cannot be waived.
On the face of it, it would appear that VTech has strengthened its terms and conditions, although perhaps not in the EU.
Many have criticised VTech’s move, stating that the company should strengthen its data security rather than its terms and conditions.