Federal Trade Commission just announced Microsoft has been fined $20 million “for allegedly illegally collecting personal information from children who signed up for the Xbox gaming system without parental consent.”
The ruling follows a larger decision in December 2022 by Epic Games, the developer of the game. fortnite, fined $550 million “Privacy-intrusive default settings and use of tricked-out and deceptive interfaces” fortnite Users include teenagers and children. “
In this case, the FTC said the problem was centered around creating a child’s account on the Xbox console, and that the process would require a certain amount of personal information before children need parental assistance and permission until late 2021. will be allowed to enter. Microsoft stored that data (sometimes “for years”) even if the account wasn’t created. This is a violation of the Children’s Online Privacy Protection Regulation (COPPA).
Microsoft has already responded to the ruling by saying: director Xbox Player Services CVP Dave McCarthy said on the official Xbox blog that the breach was the result of a “glitch” that Microsoft will continue to “improve.”
We recently entered into a settlement with the US Federal Trade Commission (FTC) to update our account creation process and resolve data retention glitches found in our system. Unfortunately, we were not able to meet your expectations, but we are committed to following orders to continuously improve our safety measures. We believe we can and should do more, and remain steadfast in our commitment to the safety, privacy, and security of our community.
McCarthy went on to elaborate on the details of this “glitch” and how children’s data is retained, even though it “violates our policy of only storing information for 14 days.” It explains what happened.
During our investigation, we identified a technical glitch that prevented the system from deleting account creation data for child accounts whose account creation process had been initiated but not completed. This contradicted our policy that he only kept that information for 14 days to help the gamer pick up where they left off and complete the process. Our engineering team acted immediately to fix the defect, remove the data, and take action to prevent the error from reoccurring. Data was never used, shared or monetized.
FTC statementOn the one hand, I say::
Microsoft has been sued by the Federal Trade Commission for violating the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children who signed up for the Xbox gaming system without parental notification and parental consent. will pay $20 million to settle the lawsuit. Unlawful retention of a child’s personal information.
“Our proposed order will make it easier for parents to protect their children’s privacy on Xbox and limit the information Microsoft can collect and retain about them,” said FTC Consumer Protection Director Samuel Levin. ‘ said. “This action should make it sufficiently clear that the child’s avatar, biometric data and health information are also not exempt from his COPPA.”
As part of the proposed order filed by the Department of Justice on behalf of the FTC, Microsoft will be required to take several steps to better protect the privacy of child users of the Xbox system. For example, the order extends his COPPA protections to third-party game publishers with whom Microsoft shares children’s data. Additionally, the order clarifies that avatars generated from images of children, biometrics and health information are subject to the COPPA rule when collected with other personal data. The order must be approved by a federal court before it can take effect.
