Xbox hit with $20M fine over child privacy violations

Microsoft will pay a $20 million fine after the US Federal Trade Commission accused it of violating children’s privacy rights with its practices of collecting information from the Xbox Live service.

The FTC announced the fine on Monday. The monetary settlement covers violations of the Children’s Online Privacy Protection Act of 1998 (COPPA), which pertain to “children who have signed up to [the] Xbox gaming system without notifying or obtaining parental consent, and by illegally retaining children’s personal information,” the FTC said in a statement.

Microsoft must also take additional steps to strengthen privacy protections for minor children using Xbox consoles and Xbox Live, subject to approval of the order by a federal judge.

COPPA requires online services and websites to notify parents that they collect personal information about children under the age of 13, and obtain verifiable parental consent before doing so. In this case, the violations stem from the fact that even when an Xbox Live user “reported being under the age of 13, they were also asked to provide additional personal information, including a phone number, until the end of 2021.”

In addition, as part of accepting the Xbox Live terms of use, these children also agreed to a pre-verified agreement that allows Microsoft to send promotional messages and share this information with advertisers. Microsoft then retained this data on children under 13, another COPPA violation.

In a Monday blog post, Dave McCarthy, Xbox’s executive in charge of player services, called the issue a “data retention bug found in our system” and said that “unfortunately we fell short of customer expectations.”

“We believe we can and must do more,” McCarthy added, “and we will remain steadfast in our commitment to safety, privacy and security for our community.”

He said the data retention violation was an error “in violation of our policy of only storing that information for 14 days to make it easier for gamers to pick up where they left off to complete the process.” That “glitch” has been fixed and the data has since been deleted. McCarthy said it was “never used, shared or monetized”.

Going forward, players under the age of 13 who created an Xbox Live account before May 2021 will need to re-verify their account with parental consent.

Microsoft and the FTC are of course embroiled in another lawsuit – related to Microsoft’s planned $68.7 billion acquisition of Activision Blizzard. In that complaint, the FTC said the agreement between Microsoft and Activision would “allow Microsoft to stifle competitors from its Xbox game consoles and its burgeoning subscription content and cloud gaming business.”

That complaint was filed at the end of 2022; regulators in the European Union have since announced that they are approving the deal. Still, the action from the US, as well as a thumbs down from the UK’s Competition and Markets Authority, has kept the deal in limbo. Microsoft and Activision announced the proposed acquisition in January 2022.