Microsoft Charged With Illegally Collecting Children’s Data

The FTC is slapping the tech giant with a $20 million fine for violating the Children’s Online Privacy Protection Act


The Federal Trade Commission hit Microsoft with a $20 million fine on Monday, charging the tech company with violating the Children’s Online Privacy Protection Act due to its handling of data gathered from children during the Xbox Live registration process.

As for how Microsoft violated the rules, the FTC said the company’s Xbox Live signup process collected sensitive data before demanding that young users get parental approval, whereas the appropriate procedure is the reverse (get parents on board before collecting any sensitive data).

Soliciting personal information, such as phone numbers, from players under 13 years of age before asking them to get parental approval was only part of Microsoft’s COPPA violation. Another key element, according to the complaint, is that “Microsoft allowed—by default—all users, including children to play third-party games and apps while using Xbox Live, requiring parents to take additional steps to opt out if they don’t want their children to access them.” This allowed children’s information to be shared with third-party developers without parental consent.

In addition to the $20 million fine, the FTC proposed that Microsoft be required to keep parents informed (more than is already required) and to delete child-linked information when parental consent is not obtained within two weeks of that data being collected.

The FTC’s order has yet to be approved by a federal court; that approval is required before the fine and the associated strengthened Xbox privacy protection terms can be imposed on Microsoft.

“Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “This action should also make it abundantly clear that kids’ avatars, biometric data, and health information are not exempt from COPPA.”

“At Xbox, we have the fundamental commitment that all players should have a safe and secure experience on our platform,” said a Microsoft spokesperson in response to TheWrap’s request for comment, linking to an Xbox blog post. “We recently entered into a settlement with the U.S. Federal Trade Commission (FTC) to update our account creation process and resolve a data retention glitch found in our system. We are committed to complying with the order. In addition to our existing multifaceted safety strategy, we also plan to develop next-generation identity and age validation – a convenient, secure, one-time process for all players that will allow us to better deliver customized, safe, age-appropriate experiences.”
