Microsoft will pay $20 million to settle US Federal Trade Commission charges. that you unlawfully collected personal information from children without the consent of a guardian.
The tech giant has been accused of violating the Children’s Online Privacy Protection Act (COPPA), a federal law that requires online services and websites that serve children under the age of 13 to notify their guardians about the personal information that is collected.
Parental consent is also required before those online sites and services use any child’s personal information.
Investigation
From 2015 to 2020, Microsoft collected data from children under the age of 13 during the account creation process, even when a parent did not complete the consent process, and disclosed some of this information to third parties, according to the FTC complaint.
In addition to paying millions in fines, an order filed by the FTC will require Microsoft to modify its privacy protections for child Xbox users.
The order will require that COPPA protections extend to third-party game publishers with whom Microsoft shares children’s data.
Data protected by COPPA they include images of children, as well as biometric and health information, which a young Xbox gamer can use to generate their avatars on the game console.
Court order
Under the proposed order, Microsoft will need to obtain parental consent for accounts created before May 2021 if the account holder is still a child.
Besides, a system must be implemented where data collected from children is deleted within two weeks of the date of collection if Microsoft has not obtained parental consent within that time period.
The order, which was filed in the US District Court for the Western District of Washington, it must be approved by a federal court before it can take effect.
“Our proposed order makes it easier for parents to protect their kids’ privacy on Xbox and limits the information Microsoft can collect and retain about kids.” said Samuel Levine, director of the FTC’s Office of Consumer Protection, in a press release.
“This action should also make it very clear that children’s avatars, biometrics and health information are not exempt from COPPA,” Levine added.