Microsoft has reached a settlement with the US Federal Trade Commission (FTC) after they collected and retained data on children who created Xbox accounts. As part of the agreement, Microsoft will pay a fine of $20 million to the regulators, and additional measures will be implemented to enhance protection for young gamers.
The Children’s Online Privacy Protection Act requires online services and websites targeted at children to obtain parental consent and disclose any personal data being gathered about their child.
According to CNN‘s report, Microsoft neglected to obtain proper consent from parents and retained personal information of children under the age of 13 for longer durations than necessary, for accounts created before 2021. And between 2015 – 2020, the company retained data from incomplete account setups for over a year and also failed to inform parents about the extent of data being collected, which included the user’s profile picture and its distribution to third parties.
Microsoft is now required to implement new safety protections for children. One such measure involves maintaining a system to delete all personal data after two weeks if parental consent is not obtained.
In a similar turn of events, Amazon was fined $30 million in a privacy violation settlement.