GameBaba Universe

FTC Slams $20M Fine On Microsoft For Breaching COPPA


It has been one lawsuit after another for Microsoft in recent months. After UK regulators blocked it from completing its Activision takeover, the Federal Trade Commission (FTC) announced on Monday, June 5 that it has fined Microsoft $20 million for violating the Children’s Online Privacy Protection Act (COPPA).

FTC Fines Microsoft $20 million

According to the FTC, Microsoft collected personal information from children who signed up for its Xbox gaming system without notifying their parents or obtaining their consent, and illegally retained that information.

“Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “This action should also make it abundantly clear that children’s avatars, health information, and biometric data are not exempt from COPPA.”


In addition to the $20 million fine, Microsoft is required to take a series of steps to increase privacy protections for child users of its Xbox system. The proposed order will extend to any third-party publishers that Microsoft shares children’s data with. A federal court must approve the order before it is enforced.

The COPPA Rule that Microsoft violated


The COPPA Rule requires websites and online services directed at children under 13 to notify parents about the personal information they collect and to obtain verifiable parental consent before collecting and using that information.

A complaint filed by the Department of Justice (DOJ) shows that Microsoft violated the COPPA Rule’s notification, consent, and data retention requirements. To use Microsoft’s Xbox gaming products or any other Xbox Live service, users must provide personal information, including their first and last name, date of birth, and email address.

Up until 2021, users were still asked to provide personal information such as phone numbers and to agree to Microsoft’s service agreement and advertising policy, even when they indicated that they were under 13. According to the complaint, as of 2019, the agreement included a checkbox that allowed Microsoft to share the user’s data with advertisers and to send promotional messages to the user.

Only after ‘harvesting’ this personal data did Microsoft ask users under 13 to involve their parents. A parent then had to complete the account creation process before the child could get an account.

Microsoft was accused of retaining the data it collected from children during the account creation process from 2015 to 2020—sometimes for years—even when the parents did not complete the account creation process.

COPPA prohibits retaining children’s personal information for longer than is needed for the purpose for which it was collected. The complaint said Microsoft did not disclose to parents all the information it collected. You can read the full FTC press release here.

Microsoft and Xbox reimagine the future after the FTC settlement

Dave McCarthy, CVP of Xbox Player Services

In a lengthy announcement posted on the Xbox news site, Dave McCarthy, the Corporate Vice President of Xbox Player Services, explained the commitment of Xbox to provide a “safe and secure experience” to all players on its platform—especially younger players.

“We recently entered into a settlement with the U.S. FTC to update our account creation process and resolve a data retention glitch found in our system,” wrote McCarthy. “Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving our safety measures.”


McCarthy agreed that Xbox and Microsoft “can and should do more” when it comes to privacy, safety, and security for its community. McCarthy emphasized that since the first internet-enabled console was released in 2005, Microsoft and Xbox have continued investing in technologies and tools that protect the community.

“Over the coming months, we will test new methods to validate age and take feedback from our customers’ experience. The learnings from these trials will directly inform advancements in our player identity systems.”

Dave McCarthy, CVP Xbox Player Services

Following the FTC settlement, Xbox has updated the account creation process so that date of birth is the first piece of identification players have to provide. If the player is under 13, verified parental consent is required before the player is asked to provide any other personal information. Read the full statement by McCarthy here.
