After a thorough investigation, the Federal Trade Commission (FTC) ordered Microsoft to pay a $20 million fine for unlawfully collecting and maintaining the personal information of children using Xbox consoles without parental consent.
The FTC has accused Microsoft of violating US COPPA law (Children’s Online Privacy Protection Act) by unlawfully collecting and maintaining personal information from children on its Xbox consoles. The creation of an account on the console, a necessary step to play games, involved until recently the collection of personal data such as the user’s first name, last name, date of birth and email address. It was only after this data was collected that Microsoft indicated the need for parental consent for users under the age of 13.
Microsoft is committed to obtaining parental consent
From 2015 to 2020, Microsoft retained data it collected from children during the account creation process, even if a parent did not complete it. COPPA prohibits the retention of personal information ” longer than reasonably necessary to fulfill the purpose for which it was collected “, according to the Commission.
Faced with these accusations, Microsoft reacted by updating the account creation system. Now players must provide their date of birth first. If the user is younger than 13, parental consent must be obtained before a phone number and email address is requested. The publisher attributed the data retention issue to a “technical bug” that prevented its systems from deleting data from unfinalized child accounts. The company said it fixed the issue, deleted the affected data, and took steps to prevent it from happening again.
In addition to the fine, a proposed order filed by the US Department of Justice on behalf of the FTC will require Microsoft to improve privacy protections for child users on Xbox. This will include extending COPPA protections to all third-party publishers that Microsoft shares data with.
The FTC also required Microsoft to obtain parental consent for all child accounts created before May 2021 if the user is under 13. The company has confirmed that it will comply with this request. Microsoft is also committed to improving its systems by developing a system of ” next-gen identity and age verification “which will be a process” convenient, secure and unique “. The manufacturer will test new methods to validate the age of users over the next few months and collect feedback to improve these systems.
Microsoft must do its utmost to obtain the benevolence of American regulators, while the group will plead its case this summer on the file of the acquisition of Activision. Better not get mad at the FTC…