Microsoft fined by FTC for breaking online child protection laws

thesixthaxis.com:

Microsoft has been handed a $20 million fine by the FTC for violating the Children’s Online Privacy Protection Act (COPPA) in the US, having collected personal information from children via Xbox consoles without parental consent, and illegally retained that information.

The company has entered into a settlement with the FTC and pledges to overhaul their privacy protection systems for children using their consoles.

Explaining the settlement on the Xbox Wire blog, Dave McCarthy, CVP Xbox Player Services says, “We recently entered into a settlement with the U.S. Federal Trade Commission (FTC) to update our account creation process and resolve a data retention glitch found in our system. Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving upon our safety measures. We believe that we can and should do more, and we’ll remain steadfast in our commitment to safety, privacy, and security for our community.”

Microsoft fell foul of COPPA through the account set up phase of using an Xbox, during which you have to create an account and provide personal information. Even if a user indicated they were under 13, they were then asked to agree to Microsoft’s service agreement and to provide further personal information, and it was only after this that they would be asked to involve a parent, when that step should have come sooner.

From 2015 through 2020, Microsoft would retain this data, even if a parent did not complete the account sign-up process. Parents also had to opt out of information such as gamertags and persistent identifiers being shared with third party game and app developers.

The sign up process has now been re-ordered so that users must first provide a date of