LogIn
Microsoft has been ordered to pay a $20 million fine due to its illegal collection of children's data.
The Federal Trade Commission has officially fined Microsoft $20 million for violating privacy regulations, particularly for collecting personal information from children through its Xbox console. According to the agency, Microsoft failed to obtain parental consent and neglected to notify parents, thereby violating the Children's Online Privacy Protection Act (COPPA).
In a complaint filed by the FTC, it was revealed that until late 2021, Microsoft allegedly required all Xbox users to provide personal information, such as a phone number, full name, and date of birth, to create an account. Additionally, users had to agree to Microsoft's terms and conditions without the need for adult consent.
"From 2015-2020 Microsoft retained the data – sometimes for years – that it collected from children during the account creation process, even when a parent failed to complete the process," the FTC said. "COPPA prohibits retaining personal information about children for longer than is reasonably necessary to fulfill the purpose for which it was collected."
In order to remedy this situation, the FTC has proposed a substantial fine and a new order that would compel Microsoft to improve its data protections for children. The order would establish clear guidelines to ensure the protection of kids' avatars, biometric data, and health information under COPPA.
In its response to the fine imposed by the FTC, Microsoft said it has a "fundamental commitment" to ensuring a secure experience for its players, especially for its young players. Additionally, regarding the specific issue of children's data retention, Dave McCarthy, the CVP of Xbox Player Services, attributed it to a "glitch" in the system.
"During the investigation, we identified a technical glitch where our systems did not delete account creation data for child accounts where the account creation process was started but not completed," he said.
"This was inconsistent with our policy to save that information for only 14 days to make it easier for gamers to pick up where they left off to complete the process. Our engineering team took immediate action: we fixed the glitch, deleted the data, and implemented practices to prevent the error from recurring. The data was never used, shared, or monetized."
You can find the FTC's press release here. Also, don't forget to join our 80 Level Talent platform and our Telegram channel, follow us on Instagram and Twitter, where we share breakdowns, the latest news, awesome artworks, and more.