Microsoft will pay $20mn to settle Xbox child privacy violation
The Federal Trade Commission (FTC) does not seem to be a big fan of Microsoft. First, it filed a lawsuit to block the tech giant's acquisition of Activision Blizzard. Now, it has trumped Microsoft in a case related to the violation of the privacy of children. The company has decided to settle the issue by paying $20 million. Let's see what Microsoft did.
Why does this story matter?
Microsoft's decision to settle FTC's complaint comes against the backdrop of another tech giant doing the same. Last week, Amazon agreed to pay over $30 million to settle two lawsuits against privacy violations by the company. Like Microsoft, Amazon too violated kids' right to privacy. FTC's action against the two tech mammoths should put others on notice.
Microsoft violated the Children's Online Privacy Protection Act
In Amazon's case, it was Alexa that violated the children's privacy. Xbox is the culprit in the complaint against Microsoft. In the complaint filed by the Department of Justice (DOJ) on behalf of the FTC, the regulator accused Microsoft of violating the Children's Online Privacy Protection Act (COPPA). What did Microsoft do to violate the act?
Company collected and retained personal information of underage users
To use Xbox, users have to sign up with their personal information. Users under 13 also require parental permission. According to the FTC, Microsoft only asked underage users for parental approval after they provided their personal information. Per the complaint, from 2015-2020, the company obtained data from underage users and retained it even if parents did not approve account creation.
The retention of data was an accident: Microsoft
The FTC said Microsft used gamertags with unique persistent identifiers even for underage users. The unique identifiers help the company share data with third-party developers. The regulator, however, did not say whether Microsoft shared information collected from underage users with third-party developers. Microsoft said the retention of data was accidental, and then it did not share or monetize children's data.
Microsoft is required to change the account creation process
Apart from the $20 million settlement, Microsoft is also required to change the sign-up process for underage users. It will ask for the date of birth first and if required, parental permission. The regulator has also asked the company to create a system that deletes the details of underage users within two weeks if parents don't approve account creation.
