Microsoft has agreed to pay $20 million to US federal regulators to settle allegations that the company unlawfully collected data on children who had created Xbox accounts.
Microsoft and the Federal Trade Commission (FTC) settled on terms that include additional protections for children who play video games.
According to the FTC, Microsoft broke the Children’s Online Privacy Protection Act by keeping data on users under the age of 13 for longer than necessary for accounts created before 2021 and by not properly obtaining parental approval.
The FTC discovered that Microsoft neglected to educate parents about its data-collecting policy, among other breaches.
A parent’s permission is required by law before collecting personal information about a child through online services and websites geared toward children, and these services must also notify the parent before doing so.
For several services, Xbox users must register an account. The setup process includes the collection of data such as complete name, email address, and birthdate.
Even when a parent was unable to finish setting up an account for their child between 2015 and 2020, Microsoft allegedly retained data “sometimes for years” from the process, as stated by FTC
Additionally, the corporation neglected to warn parents about the information it was gathering, including the user’s profile photo and how it would be shared with third parties.
Microsoft’s Dave McCarthy, CVP of Xbox Player Services, stated in an Xbox blog post, “Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving upon our safety measures.”
“We believe that we can and should do more, and we’ll remain steadfast in our commitment to safety, privacy, and security for our community,” McCarthy added.
As part of the terms of the settlement, Microsoft is required to put in place extra measures to protect children. If parental approval cannot be obtained within two weeks, all personal information must be deleted from the system.
Read more on Tech Gist Africa:
Meta has been slammed with a staggering $1.3 billion fine for data transfers violation
Amazon will pay the FTC over $30 million to address privacy concerns with Alexa and Ring