The FTC has fined Microsoft $20 million for illegally collecting children’s personal info on Xbox

videogameschronicle.com:

Microsoft has agreed to pay the US Federal Trade Commission (FTC) $20 million for illegally collecting personal information from children on Xbox consoles without their parents’ consent.

According to an FTC statement, the Xbox sign-up process violates the Children’s Online Privacy Protection Act because it collects children’s personal information without notifying their parents and getting their permission.

Xbox was also accused of “illegally retaining children’s personal information”, something the company has admitted and described as a “technical glitch”.

The issue, which was mainly remedied in late 2021, revolved around the process required when signing up for an Xbox Live account.

When a user signed up for an account they had to provide their full name, email address and date of birth. Even if this date of birth showed the user was under 13, they were still asked to provide more personal information including their phone number.

Until 2019, this also included a pre-checked box agreeing to receive promotional material and to let Microsoft send user data to advertisers.

Only after this information was provided did the process then require anyone under 13 to get a parent to complete the rest of the account creation process. However, according to the FTC’s complaint, from 2015 to 2020 the child’s data was still retained even if the process wasn’t completed, sometimes for years.

Proposed order will require Microsoft to bolster protections for children; makes clear that avatars generated from kids’ image and biometric and health data are protected under the Children’s Online Privacy Protection Act (COPPA) /2

— FTC (@FTC) <a target="_blank" rel=«noopener» class=«link-external»