US fines Microsoft $20m over child data violations

Microsoft will pay $20 million to settle government charges that it collected personal information from children without their parents’ consent, officials said Monday.

The Federal Trade Commission alleged that from 2015 to 2020 Microsoft collected personal data from children under age 13 who signed up to its Xbox gaming system without their parents’ permission and retained this information.

To open an account, users had to provide their first and last names, email addresses, and dates of birth.

The FTC said Microsoft violated a law called the Children’s Online Privacy Protection Act, or COPPA.

“Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids,” said Samuel Levine, head of the FTC’s Bureau of Consumer Protection.

“This action should also make it abundantly clear that kids’ avatars, biometric data, and health information are not exempt from COPPA,” Levine added.

The decision still needs the approval of a federal court before it can be implemented.

The FTC said Microsoft will be required to take several steps to bolster privacy protections for child users of its Xbox system.

Under the COPPA law, online services and websites aimed at kids under 13 must notify parents about the personal information they collect and obtain verifiable parental consent before collecting and using any personal information collected from children.

Microsoft did not immediately reply to an AFP request for comment.