VTech’s ‘zero accountability clause’ for hacked or lost data on Learning Lodge app store won’t put it above the law, experts say

Educational toymaker was left reeling by the biggest hacking attack of the year in Hong Kong in November, but the company’s under-the-radar move to rewrite its terms and conditions may not help it escape liability in the future

Reading Time:2 minutes

A boy looks at VTech's V.Reader, an interactive e-reader for children ages 3 and older, in this file photo. VTech is moving to protect itself against litigation relating to possible future cyberattacks after its database was hacked in November, exposing the information of more than 6 million children who use the company's toys. Photo: AP

Published: 5:42pm, 12 Feb 2016Updated: 7:32pm, 12 Feb 2016

Efforts by Hong Kong-listed educational toy maker VTech to skirt responsibility for future security breaches cannot override existing data-protection laws around the world, according to experts.

VTech, which was hit by a massive hack in November that left more than six million children’s profiles exposed, has changed the terms of service for its online application store, Learning Lodge, to state that the company would not be liable for “damages of any kind” resulting from the “unauthorised access or alteration or destruction or deletion” of a user’s transmissions, data or device.

“This sets a bad example,” Paul Haswell, a partner at international law firm Pinsent Masons, told the South China Morning Post.

“Instead of working to resolve the underlying problem that data is not secure, this organisation tells customers: ‘Hey, we won’t protect your data properly. But that’s your problem for using our service’.”

The amendments to the app store’s terms of service were reportedly made in December, a month after the security breach occurred.