The FTC has ordered Microsoft to pay a $20 million fine after finding that it had illegally gathered personal information on minors through Xbox without informing their parents.
If you are under 13, you need your parent's consent to sign up for an Xbox account, but the FTC found that Microsoft was keeping the data from this signup process regardless of whether parental consent had been acquired.
As reported by GamesIndustry.biz, Xbox also breached the Children's Online Privacy Protection Act (COPPA) by holding onto the data for "longer than is reasonably necessary to fulfil the purpose for which it was collected". Microsoft claims that this is due to a "technical glitch", in that the systems in place to delete said data were not working. Microsoft has since addressed the FTC's complaints and deleted the data manually. It also offers the reassurance that the data gathered was "never used, shared, or monetised".
You need an Xbox account to play games and access online features, which means providing an email address, phone number, date of birth, and full name. As such, Microsoft was gathering these details from minors without always having their parents' consent, and then holding onto them for longer than necessary. This is forbidden under COPPA.
Not only will Microsoft have to pay a $20 million fine as a result of this breach, but the FTC also told it to retroactively get parental consent for any accounts created before May 2021 if the account holder is still under the age of 13. Microsoft has said it will do this, and it has also claimed it's building a next-generation identity and age validation system which will be a "convenient, secure, one-time process".
Elsewhere, Blizzard - which Microsoft is