Microsoft fined $20 million for Xbox child privacy violations
Microsoft will pay a $20 million fine after the U.S. Federal Trade Commission charged that it violated children’s privacy rights with its information collection practices of the Xbox Live service.
On Monday, the FTC announced that it had imposed a penalty. The monetary settlement covers violations of the Children’s Online Privacy Protection Act of 1998 (COPPA), which involve “children who signed up to [the] Xbox gaming system without notifying their parents or obtaining their parents’ consent, and by illegally retaining children’s personal information,” the FTC said in a statement.
Further, Microsoft must take additional steps to strengthen privacy protections for minor children who use Xbox consoles and Xbox Live, subject to that order’s approval by a federal judge.
COPPA mandates that online services notify parents when they are collecting personal data about children younger than 13 years old and obtain parental consent. In this case, the violations stem from the fact that, even when an Xbox Live user “indicated that they were under 13, they were also asked, until late 2021, to provide additional personal information including a phone number.”
Additionally, as part of accepting Xbox Live’s terms of use, these children also consented to a pre-checked agreement allowing Microsoft to send promotional messages and share this data with advertisers. Microsoft retained the data of children under 13 years old, a violation to COPPA.
In a blog post Monday, Dave McCarthy, Xbox’s executive in charge of player services, called the matter a “data retention glitch found in our system” and said that “regrettably, we did not meet customer expectations.”
“We believe that we can and should do more,” McCarthy added, “and we’ll remain steadfast in our commitment to safety, privacy, and security for our community.”
He said that the data-retention violation was an error “inconsistent with our policy to save that information for only 14 days to make it easier for gamers to pick up where they left off to complete the process.” That “glitch” was fixed, and the data since deleted. McCarthy said it was “never used, shared, or monetized.”
In the future, Xbox Live users under the age of 13 will need to re-verify their accounts by obtaining parental consent.
Microsoft and the FTC are, of course, engaged in another lawsuit — related to Microsoft’s planned $68.7 billion acquisition of Activision Blizzard. In that complaint, the FTC has said the Microsoft/Activision deal “would enable Microsoft to suppress competitors to its Xbox gaming consoles and its rapidly growing subscription content and cloud-gaming business.”
The complaint was made at the end 2022. Since then, the European Union regulators have approved the deal. Still, the U.S. action, as well as a thumbs down from the United Kingdom’s Competition and Markets Authority, have kept the deal in limbo. Microsoft and Activision first announced their proposed acquisition on January 20, 2022.
#Microsoft #fined #million #Xbox #child #privacy #violations
