Microsoft is pleading $20 million to settle a privacy case with the Federal Trade Commission (FTC). The American technology company collected personal information from children without their parents’ consent. The company promises to take steps to better protect children’s privacy in the future.
The FTC announced the fine through a press statement.
These violations were committed by Microsoft
The case involves children under the age of 13 who have logged into the Xbox gaming system. They had to create an account before they could game and chat with other players via the Xbox Live service. It was mandatory to provide personal information, including first and last name, date of birth and e-mail address. They also had to agree to the service agreement and advertising policies. In doing so, they gave Microsoft permission to serve personalized advertisements and share user data with advertisers.
After creating an Xbox Live account, children could upload a photo or add an avatar. According to the FTC, Microsoft combined this information with unique profile information and shared this information with third-party game and app developers. “By default, Microsoft allowed all users, including children, to play third-party games and apps while using Xbox Live, requiring parents to take additional steps to opt-out if they did not want their children to access these games and apps ”, said the trade watchdog.
Finally, the FTC states that from 2015 to 2020, Microsoft collected and retained data from children when they created an account, even when one of their parents did not complete the account creation process. It is against US privacy rules to keep children’s data longer than necessary.
FTC fines $20 million
Microsoft illegally collected and processed children’s personal information because the young gamers did not inform their parents of these practices or seek their consent. The Redmond-based tech company also failed to inform parents of gamers about the data the company collects from their offspring. The FTC ruled that violates the Children’s Online Privacy Protection Act (COPPA). That is why the regulator fines Microsoft $ 20 million.
In addition to a fine, the FTC has ordered the hardware and software company to take steps to better protect the privacy of children who play on the Xbox. For example, Microsoft can no longer share data from young gamers with game developers. The company must also obtain parental consent for accounts created before May 2021 and the account holder is a child. Finally, Microsoft must destroy all personal data of children who have not obtained parental consent.
Better protect children’s privacy
“Our proposed injunction makes it easier for parents to protect their children’s privacy on Xbox and limits what information Microsoft can collect and store about children. Our mandate also makes it clear that avatars, biometrics, and child health information are not exempt from COPPA,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection.
A Microsoft spokesperson told Reuters that it is determined to comply with the FTC’s order. The account creation process will be reviewed. The fact that the company kept children’s personal data for years is due to an error in the system. Microsoft is also looking for a solution for this problem.