The FTC wants Microsoft to pay $20 million for mishandling children's personal information
The Department of Justice (DOJ) has filed a proposed order on behalf of the Federal Trade Commission (FTC) that will require Microsoft to pay $20 million to settle a breach of the Children's Online Privacy Protection Act (COPPA).
The FTC claims Microsoft violated the COPPA by collecting and retaining the personal information of children who signed up to use its Xbox platform without notifying their parents or obtaining their consent.
The COPPA requires online services and websites directed at children under 13 to notify parents about the personal information that's being collected, while also obtaining verifiable parental consent before gathering and using that data.
According to a complaint filed by the DOJ, Microsoft violated those requirements by asking anybody (including children) seeking to access and play games on an Xbox console, or use other services such as Xbox Live, to create an account by providing personal information such as their first and last name, email address, and date of birth.
"Even when a user indicated that they were under 13, they were also asked, until late 2021, to provide additional personal information including a phone number and to agree to Microsoft's service agreement and advertising policy, which until 2019 included a pre-checked box allowing Microsoft to send promotional messages and to share user data with advertisers, according to the complaint," adds the FTC.
Notably, those under 13 were only asked to involve their parents in that process after their personal information had been handed over, resulting in Microsoft retaining data even when a parent failed to complete the process.
"According to the complaint, from 2015-2020 Microsoft retained the data—sometimes for years—that it
Read more on gamedeveloper.com
