From Cartoons to Robots: A Parental Warning for Children’s Safety
From Cartoons to Robots: A Parental Warning for Children’s Safety
This month, the Federal Trade Commission (FTC) stepped up enforcement of the Children’s Online Privacy Protection Act (COPPA) with two significant actions: a $10 million settlement with Disney over improperly labeled YouTube videos, and a public complaint against Chinese robot toy maker Apitor Technology for illegally allowing the collection of children’s geolocation data. These developments not only underscore the FTC’s unwavering commitment to safeguarding kids’ privacy but also signal a broader crackdown on companies, both U.S. and international, that fall short of COPPA’s strict requirements.
The FTC-Disney Settlement: Mislabeling YouTube Videos
Background & Violation
On 2 September 2025, the FTC announced that Disney agreed to pay a $10 million civil penalty to settle allegations that it unlawfully allowed personal data to be collected from children under the age 13 through YouTube videos. Disney’s recent direction has dimmed its image as the happiest place on earth.
The core issue? Disney failed to designate certain videos as “Made for Kids” (MFK) and instead relied on default channel designations despite being warned by YouTube in mid-2020 that more than 300 videos needed correction. This mislabeling let YouTube collect data from child viewers and display targeted ads without parental consent resulting in a clear breach of COPPA.
Impacts & FTC Response
Because of this lapse:
Children were served personalized ads;
Children’s data was collected without requisite parental notification or consent; and
Children were potentially exposed to autoplay features and content not intended for their age group.
FTC Chair Andrew Ferguson emphasized the settlement’s importance: “Our order penalizes Disney’s abuse of parents’ trust, and, through a mandated video-review program, makes room for the future of protecting kids online—age assurance technology.”
Settlement Terms
Under the proposed order:
Disney must implement a program to review and properly designate each YouTube video as MFK or not;
Disney must use age-assurance technologies to prevent such mislabeling in the future; and
The focus is solely on YouTube-hosted content, not Disney’s own digital platforms.
Significance
This is the first FTC settlement with a YouTube content provider since the landmark 2019 deal with YouTube/Google for similar violations. This settlement sends a clear message: content creators and distributors, even when publishing via third parties, must diligently classify child-directed content or face penalties.
FTC vs. Apitor: A Robot Toy Maker Under Scrutiny
Who Is Apitor?
Apitor Technology, based in China, develops robot toys for children ages 6–14. Its companion Android app allows children to program and control the toys but with a hidden privacy cost.
Violation Details
According to the FTC complaint filed 3 September 2025, Apitor:
Required Android users to enable location sharing to use its app; and
Integrated a third-party SDK called JPush which began collecting precise location data from children, and transmitted it for use, including advertising, without notifying parents or obtaining consent Federal Trade Commission.
Despite COPPA’s stringent rule that requires parental notice and verifiable consent before collecting children’s data including geolocation, the company failed to comply and misrepresented compliance in its privacy policy Federal Trade Commission.
Proposed FTC Order
The FTC’s proposed stipulated order includes:
A suspended $500,000 penalty contingent on Apitor’s ability to pay; it becomes due if the company misrepresents its finances Federal Trade Commission;
A mandate to delete all improperly collected personal information unless parental consent is obtained;
Requirements to notify parents and secure consent before collecting or allowing collection of any child’s personal information, especially via third parties; and
A commitment to retain data only as long as necessary and allow parents to request deletion.
However, the concern for parents should be the truthfulness of a Chinese company in a communist controlled country. Parents should remain highly skeptical of any app originating from China.
FTC Bureau director Christopher Mufarrige stated plainly: “COPPA is clear: Companies that provide online services to kids must notify parents … and get parents’ consent—even if the data is collected by a third party.”
Broader Context & Historical Enforcement
COPPA: A Pillar of U.S. Children’s Privacy Law
Enacted in 1998, COPPA grants parents control over the collection of their children’s online information. It requires notice, parental consent, secure data handling, and limits on third-party data collection. Violations carry civil penalties now up to over $50,000 per violation and have been enforced against platforms like YouTube, TikTok, and others.
Past FTC Actions
YouTube/Google: In 2019, they were fined $170 million for COPPA violations. YouTube/Google introduced MFK designations for content creators.
TikTok/ByteDance: In 2020, they paid $5.7 million and added a kids-only mode.
Epic Games: In 2022, the company agreed to a $275 million penalty for COPPA violations.
Connected toy maker VTech: In 2018, they paid $650,000 for collecting player data without parental consent and engaged in poor data security. They were ordered to implement 20-year data safety audits.
The Disney and Apitor cases thus build on a growing FTC track record of targeting both software platforms and physical toy companies that interact with kids.
Analysis: What Do These Developments Mean?
A Signal of Prioritization
The FTC’s recent cases underscore a renewed sense of urgency in protecting children’s privacy. From digital platforms like YouTube to physical toys with companion apps, no sector is overlooked.
Enforcement Across Borders
With Apitor, a China-based company, under scrutiny, the FTC shows it will pursue international defendants who target U.S. children, especially when COPPA violations are clear.
Technology & Compliance: Not Optional
Both actions emphasize the importance of age-designation (for media) and rigorous vetting of third-party SDKs (for toys). Companies must proactively adopt compliance frameworks and not assume default settings suffice.
Parental Trust Is Key
The FTC repeatedly highlights misuse of parental trust. These cases serve as reminders: when personal data is involved, especially that of minors, transparency and consent are non-negotiable.
Best Practices: What Companies Should Learn
Audit content classification processes such as those on platforms like YouTube.
Vet third-party SDKs carefully, especially for data collection.
Implement clear, accessible privacy notices and obtain verifiable parental consent.
Limit data retention to what is necessary and give parents deletion rights.
Invest in compliance technology, such as age-assurance systems.
Conduct regular privacy/security audits to catch issues early.
What Parents & Consumers Can Do
Review the COPPA compliance of platforms and toys.
Monitor in-app permissions, especially location access.
Use parental controls and settings on devices and platforms.
Report suspected violations to the FTC via its ReportFraud.ftc.gov portal Consumer Advice.
Stay informed about children’s digital privacy issues.
Conclusion
In the span of just a few days, the FTC delivered two critical enforcement actions: a high-profile settlement with Disney and a formal complaint against Apitor. These moves reinforce COPPA’s relevance and the agency’s resolve to enforce it across content, platforms, and even toy makers. As technology continues to blend with play and learning, both companies and parents must recognize that children’s data privacy is not an afterthought; it is paramount.
For more information, see https://www.ftc.gov/business-guidance/blog/2025/09/using-third-partys-software-your-app-make-sure-youre-all-complying-coppa
#Disney #legalnews #FTC #Apitor #YouTube #ReportFraud #consumerprotection #coppa #mfk