The United States has fined Microsoft $20m (£16m) after it was found to have illegally collected data on children who made Xbox accounts, the BBC reports.
The FTC reached a settlement with the company that includes enhanced protections for child gamers. Additionally, the tech giant was found to have failed to inform parents of its data collection policies.
Will misuse of personal data and breach of privacy become a new trend? Just a few days ago, the same US commission fined Amazon $25 million for violating children’s privacy with its voice assistant Alexa.
The FTC said Microsoft violated the Children’s Online Privacy Protection Act by failing to obtain proper parental consent and retaining personal data of children under 13 for longer than unreasonable.
for accounts created before 2021.
The law requires online services and websites targeting children to obtain parental consent and inform them of the personal data being collected about their child.
To access certain services Xbox users must create an account, with information such as full name, email address and date of birth collected.
Only after obtaining personal information, such as the child’s phone number, does Microsoft ask the parent for permission.
“Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving upon our safety measures,”
Microsoft’s Dave McCarthy, CVP of Xbox Player Services, wrote in an Xbox blog post.
As part of the settlement, Microsoft must also institute new safety protections for children. That includes maintaining a system to delete all personal data after two weeks if no parental consent is obtained.