uTalk

thrive

Member

Registered: 2023-01-04

Posts: 1,985

Microsoft to pay $20M fine for illegally collecting kid's data on Xbox

Microsoft has agreed to pay a $20 million fine to resolve according to allegations made by the US Federal Trade Commission (FTC), the company improperly collected and stored the data of kids who registered to use the Xbox gaming console without the knowledge or consent of their parents.

According to Samuel Levine of the FTC, "Our proposed order makes it simpler for parents to protect their children's privacy on Xbox and limits what information Microsoft can collect and retain about children.". "This action should also make it abundantly clear that children's avatars, biometric information, and health information are not exempt from COPPA. ".

As part of the proposed settlement, which is still awaiting court approval, Redmond has been mandated to update its account creation procedures for minors in order to prevent the gathering and storing of data, including obtaining parental consent and deleting said information within two weeks if approval is not obtained.

In addition to requiring biometric data and avatars made from children's faces to adhere to privacy laws, the privacy protections also apply to independent game publishers with whom Microsoft shares children's data.

According to the FTC, Microsoft required those under 13 to provide their first and last names, email addresses, dates of birth, and phone numbers until late 2021, in violation of COPPA's consent and data retention requirements.

Additionally, according to reports, the maker of Windows shared user data with advertisers until 2019 when users agreed to Microsoft's service agreement and advertising policy by default.

The FTC claimed that Microsoft didn't ask users to involve their parents until after they had submitted this personal data. The process of creating the child's account was then completed by the child's parent before the child could get their own account. ".

However, Microsoft made the decision to break U.S. laws protecting children's privacy by keeping the information it collected about children during the account creation step even in cases where a parent did not finish the signup process for years.

The business has also been charged with creating a special persistent identifier for accounts belonging to minors, sharing that information with the creators of outside games and apps, and explicitly requesting that parents opt out in order to prevent their children from accessing outside games and apps on Xbox Live.

Xbox responded by stating that it was taking additional measures to strengthen its age verification processes and to make sure that parents were involved in the creation of child accounts for the service. The specifics of what such a system might be were not made public.

Additionally, it claimed that some of the problems were caused by a technical error that failed to "delete account creation data for child accounts where the account creation process was started but not completed," while emphasizing that the data was promptly deleted and was never "used, shared, or monetized.". ".

The FTC has previously penalized a video game developer for COPPA violations. Epic Games, the company behind Fortnite, reached a $520 million settlement with the organization in December 2022, in part as retaliation for breaking children's online privacy laws.

The penalties follow Microsoft's disclosure that it expects to pay the Irish Data Protection Commission (DPC) fines totaling "about $425 million" in the fourth quarter of 2023 for possibly breaking the General Data Protection Regulation (GDPR) by using LinkedIn users' personal information to serve targeted advertisements.

The development also occurs shortly after the FTC fined Amazon a total of $30.8 million for a series of privacy violations involving its Alexa personal assistant and Ring security cameras.