Microsoft Settles with FTC for $20 Million over COPPA Violations

    Microsoft agrees to pay $20 million in a settlement with the Federal Trade Commission over alleged COPPA violations regarding how the tech giant handled child account data on its Xbox platform.

    Key Takeaways: 

    • Microsoft is to pay a $20 million settlement to the FTC for allegedly violating COPPA by retaining kids’ personal information from Xbox account signups longer than necessary.
    • As part of the FTC’s proposed order, Microsoft will make several changes, including providing additional privacy protections for child accounts and requiring parental consent for child accounts created before 2021.
    • Microsoft has expressed regret and assured the public that the technical glitch that led to the data retention issue has been fixed, and the data has been deleted.

    Microsoft Faces $20 Million FTC Settlement over COPPA Breach

    Microsoft has agreed to pay a $20 million settlement to the Federal Trade Commission (FTC) following charges related to violating the Children’s Online Privacy Protection Act (COPPA). According to a disclosure, the Redmond-based tech giant is accused of retaining the personal information of underage users, collected during Xbox account creation, for longer than necessary.

    FTC Order Dictates Changes for Microsoft’s Child Privacy Measures

    In addition to the financial penalties, Microsoft is required to implement changes according to an order proposed by the Department of Justice (DOJ), representing the FTC. These measures include providing added privacy protections for child accounts, acquiring parental consent for child accounts created before 2021, creating systems for data deletion, and informing publishers, when disclosing a user’s personal information, that the user is a minor.

    This FTC action forms part of a broader enforcement trend against video gaming companies over alleged COPPA violations. Notably, in December 2022, Fortnite’s creator, Epic Games, settled with the FTC for $520 million, with $275 million attributed to COPPA infractions.

    Controversial Data Retention Practices Under Fire

    According to the FTC, until late 2021 Microsoft would gather personal information during account creation and only later involve parents for underage players. However, the FTC claims Microsoft held on to this personal information “sometimes for years,” even if parents didn’t complete the sign-up process, contravening COPPA guidelines.

    Microsoft’s Dave McCarthy, CVP of Xbox Player Services, expressed regret over the matter, stating their commitment to improving safety measures. McCarthy further explained that a “technical glitch” led to the improper data retention for child accounts, assuring the public that this glitch has been corrected, and the data in question has been deleted.