Microsoft to Pay $20 Million Settlement for Illegal Data Collection on Child Xbox Users

Attention India
3 Min Read

6th June 2023, Mumbai: Microsoft has agreed to pay $20 million (£16 million) to US federal regulators following an investigation that found the company had illegally collected data on children who created Xbox accounts. The settlement, reached with the Federal Trade Commission (FTC), also includes enhanced protections for young gamers. Among the violations discovered, the FTC found that Microsoft failed to adequately inform parents about its data collection policies. This recent action follows a similar case against Amazon involving its Echo devices. The FTC determined that Microsoft violated the Children’s Online Privacy Protection Act by not obtaining proper parental consent and by retaining personal data of children under 13 for an excessive period of time in accounts created before 2021.

To use specific services, Xbox users are required to create an account, which involves the collection of information such as full name, email address, and date of birth. However, Microsoft did not seek parental permission until after obtaining personal information, including the child’s phone number. According to the FTC’s statement, Microsoft retained data from account setups between 2015 and 2020 for extended periods, even if parents did not complete the process.In addition to the lack of informed consent, Microsoft also failed to adequately disclose to parents the extent of data it was collecting, including the user’s profile picture and the sharing of data with third parties. In response to the settlement, Dave McCarthy, CVP of Xbox Player Services at Microsoft, expressed regret for not meeting customer expectations and pledged to comply with the order while striving to improve safety measures. McCarthy emphasized Microsoft’s commitment to the safety, privacy, and security of its community and acknowledged the need to do more.

Under the terms of the settlement, Microsoft is required to implement new safety measures specifically designed to protect children. This includes maintaining a system that deletes all personal data within two weeks if parental consent is not obtained. However, before the settlement can take effect, it must first receive approval from a federal judge.

Article by PRITESH PATEL

Share This Article
Leave a comment

Leave a Reply