NEWS
Microsoft To Pay 20 Million For Child Violation
Microsoft has reportedly been confirmed that it will pay $20m (£16m) to US federal regulators after it was found to have illegally collected data on children who had started Xbox accounts.
The law requires online services and websites directed towards children to obtain a parent’s consent and to inform the parent about personal data being collected about their child.
Xbox users must create an account to use certain services. Information such as full name, email address and date of birth are collected as part of the set up.
Not until after obtaining personal information, such as the child’s phone number, did Microsoft ask for a parent to provide permission.
From 2015 to 2020 Microsoft retained data “sometimes for years” from the account set up, even when a parent failed to complete the process, the FTC said in a statement.
The company also failed to inform parents about all the data it was collecting, including the user’s profile picture and that data was being distributed to third parties.
“Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving upon our safety measures,” Microsoft’s Dave McCarthy, CVP of Xbox Player Services, wrote in an Xbox blog post.
“We believe that we can and should do more, and we’ll remain steadfast in our commitment to safety, privacy, and security for our community.”
As part of the settlement, Microsoft must also institute new safety protections for children. That includes maintaining a system to delete all personal data after two weeks if no parental consent is obtained.
The order must be approved by a federal judge before it can go into effect.
Last week, Amazon agreed to pay $25m after the FTC found that it had retained sensitive data, including voice recordings of children, for years.
Amazon’s doorbell camera unit Ring also agreed to pay out $5.8m after giving employees unrestricted access to customers’ data.