Microsoft to Resolve US Allegations of Breaching Children’s Privacy with USD 20 Million Payment
According to the Federal Trade Commission (FTC), Microsoft has agreed to pay $20 million to resolve charges that it unlawfully gathered personal data from minors without their parents’ permission.
The company has been accused of violating the US Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children who have registered on the Xbox gaming system without notifying their parents or obtaining their consent, and by retaining the children’s personal information, the FTC said in a statement.
The company did not immediately respond to a request for comment late Monday.
It requires Microsoft to take steps to better protect the privacy of children using its Xbox system. The FTC said it would extend COPPA protections to third-party game publishers with whom Microsoft shares children’s data.
“The proposed rule will make it easier for parents to protect their children’s privacy on Xbox and limit the information Microsoft can collect and retain about children,” said Samuel Levine, director of the Federal Trade Commission’s Office of Consumer Protection.
“This measure should make it abundantly clear that children’s avatars, biometrics, and health information are not exempt from the Children’s Online Privacy Protection Act,” Levine added.
By law, services and websites aimed at children under 13 must notify parents of the personal information they collect and obtain verifiable parental consent before collecting and using personal information collected from children.
From 2015 to 2020, Microsoft retained information it collected from children during the account creation process, even if a parent could not complete the process, according to the complaint.