Microsoft Fined $20 Million For Collecting Children’s Data Illegally

Rithika Biswas
Rithika Biswas June 8, 2023
Updated 2023/06/10 at 4:19 AM

Microsoft will pay a $20 million fine to resolve FTC allegations that it improperly acquired the data of kids who registered for Xbox. Microsoft will pay a $20 million fine to resolve Federal Trade Commission allegations that it improperly acquired and stored the personal information of children who registered to use its Xbox gaming device. The commission said that Microsoft unlawfully kept the data and collected it without informing or getting permission from parents. The Children’s Online Privacy Protection Act was broken by such activities, according to the FTC.

Dave McCarthy, corporate vice president for Xbox at Microsoft, detailed further measures the business is implementing right now to strengthen its age verification processes and make sure that parents are involved in the creation of kid accounts for the service in a blog post. These mostly focus on initiatives to enhance age verification technologies and to inform kids and parents about privacy concerns. McCarthy said that the business has found and resolved a technological error that prevented child accounts from being deleted when the account creation process never ended.

Microsoft’s strategy was to only save the information for a maximum of 14 days in order to enable gamers to continue account creation if they were stopped. Before the settlement can take effect, a federal judge must approve it, according to the FTC. In order to resolve complaints from the U.S. Federal Trade Commission (FTC), Microsoft has agreed to pay a fine of $20 million. The FTC had accused Microsoft of collecting and holding onto children’s personal information without their parent’s knowledge or permission when they registered to use the Xbox gaming system.

Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids' Data on  Xbox

According to Samuel Levine of the FTC, “Our proposed order makes it simpler for parents to protect their kids’ privacy on Xbox and limits what information Microsoft can collect and retain about kids.” The fact that children’s avatars, biometric information, and health information aren’t cut off from COPPA should also be made clearly obvious by this move. Redmond has been ordered to update its account creation procedures for kids in order to prevent the collection and storage of data. This includes obtaining parental consent and deleting the data in question within two weeks if approval is not received. The proposed settlement is still subject to court approval.

In addition to subjecting biometric data and avatars made from children’s faces to the privacy regulations, the privacy safeguards also apply to independent game developers with whom Microsoft distributes children’s data. By requesting first and last names, email addresses, dates of birth, and phone numbers from children under 13 until late 2021, Microsoft allegedly breached the COPPA’s consent and data retention regulations. 

Additionally, according to reports, the developer of Windows shared user data with marketers until 2019 when users agreed to Microsoft’s service agreement and advertising policy by default. The FTC said that Microsoft did not require anyone who stated they were under 13 to engage their parent until after they had submitted this sensitive information. Before the youngster could receive their own account, the child’s parents had to finish the account creation process.

FTC fines Microsoft $20 million for collecting children's personal data, extends protections to third-party publishers | Game World Observer

However, Microsoft made the decision to break U.S. regulations protecting children’s privacy by keeping the information it obtained about children during the account creation phase for years, even in cases where a parent did not finish the signup process. The business has also been charged with creating a special persistent identifier for accounts belonging to minors, sharing that information with the creators of outside games and apps, and explicitly requesting that parents opt out in order to stop their children from using outside games and apps on Xbox Live.

Xbox responded by saying it was taking further measures to strengthen its age verification processes and make sure that parents were involved in setting up children’s accounts for the service. The precise details of what this arrangement was not made known.


For more such updates, keep reading techinnews

Share this Article