Microsoft to pay $20 million to settle US charges for violating children's privacy
Microsoft will pay $20 million to settle US Federal Trade Commission (FTC) charges that the tech company illegally collected personal information from children without their parents' consent, the FTC said on Monday.
The company had been charged with violating the US Children's Online Privacy Protection Act (COPPA) by collecting personal information from children who signed up to its Xbox gaming system without notifying their parents or obtaining their parents' consent, and by retaining children's personal information, the FTC said in a statement.
The order requires Microsoft to take steps to improve privacy protections for child users of its Xbox system. It will extend COPPA protections to third-party gaming publishers with whom Microsoft shares children's data, the FTC said.
A Microsoft spokesperson said the company was committed to complying with the order. The spokesperson added the account creation process will be updated and a data retention glitch found in the company's system will be resolved.
"Our proposed order makes it easier for parents to protect their children's privacy on Xbox, and limits what information Microsoft can collect and retain about kids," said Samuel Levine, director of the FTC's Bureau of Consumer Protection.
"This action should also make it abundantly clear that kids' avatars, biometric data, and health information are not exempt from COPPA," Levine added.
The law requires online services and websites directed to children under 13 to notify parents about the personal information they collect and to obtain verifiable parental consent before collecting and using any personal information of the children.
From 2015 to 2020, Microsoft retained the data that it collected from children during the account creation process, even when a parent failed to complete the process, according to the complaint.