Dark or Light
logo
Logo

Microsoft Fined $20 Million By FTC For Collecting Children's Personal Info On Xbox Without Parental Consent

Joseph Bradford Posted:
Category:
News 0

The Federal Trade Commission has fined Microsoft to the tune of $20 million USD for illegally collecting the personal information of children on its Xbox console.

In the statement from the FTC, the government agency states that the Xbox sign-up process violates the Children's Online Privacy Protetcion Act. This is because it collects information without parental consent. Xbox, for their part, agreed to settle the matter, claiming it will "resolve a data retention glitch found" in its system, as well as amend its start up process.

Via the FTC statement:

“Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “This action should also make it abundantly clear that kids’ avatars, biometric data, and health information are not exempt from COPPA.”

The act the sign-up process violated, the Children's Online Privacy Protection Act, or COPPA, requires children under the age of 13 have their parents notified about any personal information that the digital entity might be collecting. The FTC statement says that even when users listed their birthdates as under 13 years of age, there was no prompt to get a parent involved, at least until 2021.

"It wasn’t until after users provided this personal information that Microsoft required anyone who indicated they were under 13 to involve their parent. The child’s parent then had to complete the account creation process before the child could get their own account. According to the complaint, from 2015-2020 Microsoft retained the data—sometimes for years—that it collected from children during the account creation process, even when a parent failed to complete the process. COPPA prohibits retaining personal information about children for longer than is reasonably necessary to fulfill the purpose for which it was collected."

Microsoft in a statement on Xbox Wire claims this was a glitch in their system, something that is rectified.

"We recently entered into a settlement with the U.S. Federal Trade Commission (FTC) to update our account creation process and resolve a data retention glitch found in our system. Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving upon our safety measures. We believe that we can and should do more, and we’ll remain steadfast in our commitment to safety, privacy, and security for our community."

Since the FTC complaint, Microsoft states that the process has been updated, requiring a date of birth first and then getting a parent involved from there if the date entered is below the age of 13. It will also be retroactively forcing parental consent on any account made prior to 2021 and was under 13.

This isn't the only high-profile case with the FTC Microsoft is working through right now, as the FTC is also suing Microsoft to block its acquisition of Activision Blizzard.


lotrlore

Joseph Bradford

Joseph has been writing or podcasting about games in some form since about 2012. Having written for multiple major outlets such as IGN, Playboy, and more, Joseph started writing for MMORPG in 2015. When he's not writing or talking about games, you can typically find him hanging out with his 15-year old or playing Magic: The Gathering with his family. Also, don't get him started on why Balrogs *don't* have wings. You can find him on Twitter @LotrLore