After discovering that Microsoft had illegally acquired data on children who had started Xbox accounts, the company agreed to pay US federal regulators $20 million (about £16 million).
The Federal Trade Commission (FTC) and the corporation agreed on a settlement on Monday, which also involves improved safeguards for the safety of children who play video games.
It comes after a lawsuit against Amazon last week regarding its Echo devices.
According to the Federal Trade Commission (FTC), Microsoft violated the Children’s Online Privacy Protection Act (COPPA) by not correctly obtaining parental consent and keeping personal data on children under 13 longer than necessary for accounts created before 2021. Both of these violations occurred after Microsoft failed to comply with requirements of COPPA.
The legislation requires online services and websites geared toward children to get the consent of a parent and to inform the parent about any personal data acquired about their kid. Additionally, the law requires that the parent be informed about any personal data gathered about their child.
Users of Xbox must sign up for an account to enjoy some services. During the registration process, personal data is gathered from users, including their full names, email addresses, and dates of birth.
Microsoft only approached a parent for consent after obtaining personally identifiable information from the child, such as the child’s phone number.
According to a statement by FTC, Microsoft retained data “sometimes for years” from the account set up, even when a parent could not finish the process between 2015 and 2020.
In addition, the corporation did not inform the user’s parents about the data it was collecting, including the user’s profile photo and the fact that this data was being shared with third parties.
An Xbox blog post by Microsoft’s Dave McCarthy, CVP of Xbox Player Services, stated that the company was “committed to complying with the order to continue improving our safety measures.” “Regrettably, we did not meet customer expectations,” McCarthy wrote. “We are committed to complying with the order.”
“We believe that we can as well as should do more, and we’ll remain steadfast in our commitment to providing our community with safety, privacy, and security.”
As part of the settlement terms, Microsoft must implement new safeguards to ensure the safety of youngsters. This involves maintaining a system that will destroy all personal data after two weeks if a parental agreement is not acquired.
Before the order can be put into action, it must first receive authorization from a federal judge.
Amazon agreed to pay a fine of $25 million last week after the Federal Trade Commission discovered that the company had improperly stored sensitive data for years, including voice recordings of youngsters.
Ring, a doorbell camera unit owned by Amazon, has also agreed to pay up to $5.8 million after allowing its staff free access to its clients’ data.
