Microsoft to pay $20m for child privacy violations

Microsoft to pay $20m for child privacy violations | The Entrepreneur Review

Microsoft has agreed to pay $20 million (£16 million) to US federal regulators following the discovery that it illegally collected data on children who created Xbox accounts. The settlement reached with the Federal Trade Commission (FTC) includes enhanced protections for child gamers.

Violating  Children’s Online Privacy Protection Act

The FTC found several violations by Microsoft, including the company’s failure to inform parents about its data collection policies. The action against Microsoft comes after a similar case involving Amazon and its Echo devices last week. According to the FTC, Microsoft violated the child Privacy Protection Act by not obtaining proper parental consent and by retaining the personal data of children under 13 for longer than necessary for accounts created before 2021.

The law requires online services and websites targeting children to obtain parental consent and disclose the collection of personal data. Xbox users are required to create an account, which collects information such as full name, email address, and date of birth during the setup process. Microsoft only requested parental permission after obtaining personal information, such as the child’s phone number. The FTC stated that from 2015 to 2020, Microsoft retained data from the account setup, even when parents did not complete the process, sometimes keeping it for years. Additionally, the company failed to inform parents about all the collected data, including user profile pictures and the distribution of data to third parties.

Microsoft to pay $20m for child privacy violations

Improving Safety Measures

In response, Microsoft’s Dave McCarthy, CVP of Xbox Player Services, wrote in an Xbox blog post that they acknowledge not meeting customer expectations and are committed to improving safety measures as required by the settlement. He emphasized Microsoft’s dedication to safety, privacy, and security for the community.

As part of the settlement, Microsoft is also required to implement new safety measures for children. This includes maintaining a system to delete all personal data within two weeks if no parental consent is obtained. The settlement order must receive approval from a federal judge before it becomes effective.

Last week, Amazon agreed to pay $25 million after the FTC found that it had retained sensitive data, including voice recordings of children, for an extended period. Amazon’s Ring, the doorbell camera unit, also agreed to pay $5.8 million after granting employees unrestricted access to customer data.

Also Read: Amazon to Offer Physical Products in Games, VR

Do You Like the Article? Share it Now!