Every year, especially around the holidays, more and more products that connect to the internet hit the market. For adults, connected home devices that act like personal domestic assistants have become increasingly popular. Children have been adding connected toys, some of which have the intelligence and programming to become a child’s best friend, to their holiday gift lists. Although the holidays have passed, connected toys are still finding themselves on lists, such as birthday lists, but more importantly, on the investigation lists of the Federal Trade Commission (FTC) and its Canadian counterpart. On Jan. 8, 2018, the FTC – in cooperation with the Office of the Privacy Commissioner of Canada (OPC), which issued its own report finding violations of Canadian law – settled its first-ever connected toy privacy case with Hong Kong-based VTech Electronics, Ltd., (VTech), resulting in a $650,000 penalty. This case is also notable because it illustrates the effectiveness of the application of the U.S. SAFE WEB ACT, which facilitates FTC cooperation with other nations’ data protection authorities (DPAs), and indicates that the multi-DPA task force known as the Global Privacy Network (which includes the FTC and the OPC) can be effective in helping address international consumer privacy harms. In sum, the case arises out of a December 2015 data security breach that compromised the personal data of approximately 6 million children and 5 million adults worldwide. Both the OPC and the FTC concluded that the incident arose out of VTech’s failure to reasonably protect the data.