Devices and apps geared towards kids have become a focus of concern when it comes to protecting children's privacy. In 2015, VTech, a maker of a number of kid's toys, was hacked, exposing some 6.4 million customers' data as well as children's photos and chat logs. The manufacturer of an internet-connected teddy bear also mismanaged its customers' data, making it easily accessible online. The information was subsequently taken by hackers and held for ransom. Further, a number of companies with apps and websites geared towards children have been both sued by parents and handed financial penalties from the FTC and New York state for illegally collecting information from children under the age of 13. Additionally, privacy concerns have been directed towards smart speakers aimed at children and a doll that not only records kids' voices without permission, but also allows unauthorized Bluetooth devices to connect to them. Germany banned that doll earlier this year.
Germany's smartwatch ban comes after a Norwegian Consumer Council report noting that certain brands of kids' smartwatches transmitted data without encryption, opening them up to breaches. "There is a shocking lack of regulation of the 'internet of things', which allows lax manufacturers to sell us dangerously insecure smart products," security expert Ken Munro told the BBC. "Using privacy regulation to ban such devices is a game-changer, stopping these manufacturers playing fast and loose with our kids' security."