The U.S. Department of Justice (DOJ) has filed a lawsuit against Apitor Technology, a robot toy manufacturer, accusing the company of violating children’s privacy by exposing their geolocation data to a Chinese third-party developer without parental consent. The case highlights growing concerns around data privacy, children’s safety, and compliance with U.S. regulations governing online services for minors.
Apitor designs robotic toys targeted at children aged 6 to 14. These products are operated using a free Android app, which requires location sharing to connect the toys. However, the app also integrated JPush, a third-party SDK (software development kit), which allegedly enabled Chinese developers to harvest precise geolocation data from young users. This data could then be used for purposes such as targeted advertising—a direct violation of the Children’s Online Privacy Protection Rule (COPPA).
According to the complaint, Apitor failed to notify parents or obtain consent before collecting sensitive data. The Federal Trade Commission (FTC), which referred the case to the DOJ, emphasized that companies must disclose when they collect data from children under 13, even if it is handled by a third-party service. Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection, warned that COPPA leaves no room for ambiguity: online service providers must secure parental consent before processing children’s personal information.
As part of a proposed settlement, Apitor will face strict compliance measures. The company is required to ensure that all third-party integrations also comply with COPPA. In addition, Apitor must notify parents before data collection, delete previously gathered personal information, and limit data retention to essential use cases. The firm has also been ordered to pay a $500,000 penalty, although payment is temporarily suspended due to the company’s reported financial struggles. Should it be discovered that Apitor misrepresented its finances, the full penalty will be enforced immediately.
Conclusion: The Apitor lawsuit underscores a critical issue: children’s geolocation and personal data must be protected at all costs. By allowing a Chinese third party to harvest sensitive information, Apitor violated trust and regulatory obligations. The case sends a clear message that COPPA compliance is non-negotiable, and companies targeting young users must implement rigorous safeguards to protect privacy in an era of pervasive digital surveillance.
