Microsoft Agrees to $20 Million Settlement in Child Privacy Breach Case

166

Microsoft has reached a settlement with the U.S. Federal Trade Commission (FTC) to pay $20 million, following charges of illegally collecting personal information from children without parental consent. The FTC accused the tech giant of violating the Children’s Online Privacy Protection Act (COPPA) by gathering data from children who signed up for the Xbox gaming system without informing their parents or obtaining consent.

In a statement, the FTC highlighted that Microsoft not only collected personal information from children but also retained it. To rectify the situation, the settlement order requires Microsoft to implement measures aimed at enhancing privacy protections for child users of the Xbox system. Additionally, the company must extend COPPA safeguards to third-party gaming publishers with whom it shares children’s data.

A spokesperson for Microsoft assured the public of the company’s commitment to complying with the order. The spokesperson acknowledged that improvements would be made to the account creation process and addressed a data retention glitch discovered in the company’s system. Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, expressed his satisfaction with the settlement. He stated, “Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids.”

Levine emphasized that the action sends a clear message that avatars, biometric data, and health information of children are not exempt from COPPA regulations. Under COPPA, online services and websites targeted at children under 13 must inform parents about the personal information they collect and obtain verifiable parental consent before using it. However, Microsoft retained data collected from children during the account creation process between 2015 and 2020, even when parents failed to complete the process, as alleged in the complaint.

The settlement signifies a significant step in holding tech companies accountable for their data practices, particularly concerning children’s privacy. With the enforcement of stricter measures and the monetary penalty imposed on Microsoft, the FTC aims to ensure that companies prioritize the protection of children’s personal information. As the digital landscape continues to evolve, the safeguarding of children’s privacy remains a crucial aspect that demands constant vigilance and robust regulatory oversight.