close
Thursday November 14, 2024

Microsoft to pay $20 million for violating children's privacy

FTC reveals that Microsoft ignored requesting a parent's consent before gathering personal data, such as the child's phone number which is illegal

By Web Desk
June 06, 2023
A building with offices belonging to Microsoft in Chevy Chase, Maryland, January 18, 2023. — AFP
A building with offices belonging to Microsoft in Chevy Chase, Maryland, January 18, 2023. — AFP

Once it was discovered that Microsoft had improperly acquired data on children who had created Xbox accounts, the tech giant is expected to make a $20 million payment to US federal officials.

On Monday, the Federal Trade Commission (FTC) and Microsoft came to an agreement that includes improved safeguards for young players.

The FTC discovered that Microsoft neglected to educate parents about its data collection policy, among other breaches.

It comes after a comparable move against Amazon last week regarding its Echo gadgets, the BBC reported.

According to the FTC, by failing to properly get parental consent and keeping personal information on children under 13 for longer than necessary for accounts created before 2021, Microsoft broke the Children's Online Privacy Protection Act.

Online businesses and websites that cater to children are required by law to acquire parental approval and notify the parent when personal information about their child is being gathered, the report informed.

To use several services on Xbox, customers must first register an account. As part of the setup, details including your full name, email address, and birthday are gathered.

The FTC also revealed that Microsoft did not request a parent's consent before gathering personal data, such as the child's phone number.

From 2015 to 2020, Microsoft retained data "sometimes for years" from the account set up, even when a parent failed to complete the process, the FTC said in a statement.

Microsoft failed to inform parents of the data it was collecting and sharing with third parties.

"Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving upon our safety measures," Microsoft's Dave McCarthy, CVP of Xbox Player Services, wrote in an Xbox blog post.

"We believe that we can and should do more, and we'll remain steadfast in our commitment to safety, privacy, and security for our community," he added.

According to the settlement, Microsoft must institute new safety protections for children, which must be approved by a judge before they can go into effect.

Furthermore, the settlement also presses the company to maintain a system to delete all personal data after two weeks if no parental consent is obtained.

Previously, Amazon agreed to pay $25 million after the FTC discovered that it had kept sensitive data, including child voice recordings, for years.

Ring, an Amazon product that has a doorbell camera, has agreed to pay $5.8 million after giving staff members unrestricted access to consumer information.