Microsoft Pays $20M to Settle FTC COPPA Complaint


Governance & Risk Management

FTC Says Violations Stem From XBox Live Registration Process

Microsoft Pays $20M to Settle FTC COPPA Complaint
Image: Shutterstock

Microsoft will pay $20 million to settle a U.S. federal investigation into whether the computing giant violated children’s privacy protections during the XBox Live registration process.

See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm

The Federal Trade Commission accused the company of a slew of infractions including, until 2019, automatically opting children’s accounts into accepting Microsoft promotional offers during the new account set up process before reaching a prompt for obtaining parental permission.

Until August 2021, the video game console registration process also asked children to enter additional information such as a telephone number before reaching the parental notification prompt. The agency says approximately 218,000 Xbox users in the United States self-identified as younger than 13 during the five-year period that ended in December 2021.

Microsoft until October 2020 also indefinitely retained personal information, including from children, of approximately 10 million individuals collected from new account registration processes not fully completed, the federal complaint states.

Online users younger than the age of 13 in are subject to Children’s Online Privacy Protection Act, a 1998 law that requires companies to obtain parental consent before companies can collect data.

A proposed settlement that requires approval by a federal judge calls on Microsoft to delete children’s information from the account registration process within two weeks unless it has obtained parental consent.

“Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids,” said SamLevine, director of the FTC’s Bureau of Consumer Protection.

Within 60 days of the settlement going into effect, the company must also obtain parental consent for children’s accounts. The FTC says Microsoft’s disclosure notices to parents until April 2021 did not fully reveal all the information the computing giant intended to collect, including potentially images of children to display in their accounts.

The settlement also calls for Microsoft to delete all information collected from children within one year of an account suspension.

Representatives of Microsoft did not immediately return a request for comment.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *