Microsoft will pay a $20 million fine to the Federal Trade Commission in order to resolve allegations that it unlawfully gathered and stored personal information from children without their parents’ permission, the FTC announced on Monday.
The FTC stated in a statement that the company’s practises violated the US “Children’s Online Privacy Protection Act (COPPA)” by capturing data from children who registered for the company’s Xbox gaming system without informing or getting their parents’ consent.
As part of the FTC’s decision, Microsoft is also obligated to take action to better safeguard the privacy of young Xbox users. Aside from Microsoft, the ruling also applies to independent game developers.
The FTC’s Bureau of Consumer Protection director, Samuel Levine, said in a statement that “our recommended order makes it simpler for parents to safeguard the security of their children on Xbox and restricts the data that Microsoft can gather and keep about kids.” Avatars, biometric data, and medical data regarding children are not excluded from COPPA, and this move ought to render that perfectly obvious.
In accordance with COPPA, businesses are prohibited from gathering information about children under 13 without their parents’ permission and from using that information for marketing or advertising. Companies are not permitted to keep children’s data for longer than is required, and any data that is saved must be appropriately safeguarded against potential theft.
The complaint claims that even if a parent didn’t finish the process, Microsoft kept the information it obtained from 2015 to 2020 during the account creation process.
Microsoft affirmed its dedication to following the FTC’s directive.
A Microsoft spokesperson said in a statement that in furtherance to our current numerous safety plans, we also intend to develop next-generation identity and age validation—a simple, safe, once-only process for all players that will improve our ability to deliver tailored, safe, and appropriate for your age incidents.