Hong Kong-based electronic toy maker VTech has agreed to pay the US Federal Trade Commission US$650,000 to settle the agency’s first children’s privacy case involving internet-connected toys.

Along with paying the fine, VTech is permanently banned from violating the Children’s Online Privacy Protection Act (COPPA) in the future and from misrepresenting its security and privacy practices. It will also have to create a robust data security program, which will be subject to independent audits for 20 years.

In 2015, the US Department of Justice on behalf of the FTC filed a complaint against VTech after it suffered a data breach that exposed the personal information of five million customers (more than half were kids). The Commission alleged that VTech’s Kid Connect app that’s used with some of the company’s toys collected personal details from hundreds of thousands of children, and that the company failed to directly notify parents or get consent from them in terms of its information collection rules, as required under COPPA.

According to the complaint, VTech collected personal information from parents on its Learning Lodge Navigator online platform, which housed the Kid Connect app, and also via a now-discontinued online gaming and chat platform, Planet VTech.

Approximately 2.25 million parents had registered and created accounts with Learning Lodge for nearly three million children as of November 2015, including roughly 638,000 Kid Connect accounts for kids. As for Planet VTech, about 134,000 parents in the US created accounts on the platform for 130,000 children by the same time period.

The FTC also alleged that VTech broke the FTC Act by falsely claiming in its privacy policy that most personal information submitted by users through Learning Lodge and Planet VTech would be encrypted, but according to the FTC, the company did not encrypt any of the information.

The settlement follows a long string of similar cases involving child privacy breaches. Most recently, child privacy violations were filed against Disney and Viacom over allegations that dozens of the companies’ kids apps and games illegally track children’s usage and data through mobile phones and other internet-connected devices.

A similar instance last year saw US child tracker app uKnow leak more than 6.8 million texts and 1.8 million photos from kids’ Android and iPhone phones. On the toy side, Mattel was recently forced to axe its Aristotle child monitor amid increasing privacy concerns, and the toymaker also announced that it is delaying its kids voice assistant Hello Barbie Hologram until this year so additional tests can be conducted.

YouTube, which has had its own problems of late with inappropriate content, also recently announced it will implement 10,000 workers to moderate content this year and improve its machine-learning technology. Apple followed this news by announcing it will launch more features for parents to control their kids’ phone use.

Despite the problems, a recent Amazon-backed study by the US Family Online Safety Institute (FOSI) revealed that the majority of parents embrace internet-connected kids devices.