Categories: Regulation

Microsoft To Pay $20m In Child Data Settlement

Microsoft is to pay $20 million (£16m) to settle allegations by the US Federal Trade Commission (FTC) that it illegally collected and retained the data of children who used its Xbox Live service.

The settlement, announced late on Monday, also includes additional protections for children using the service.

Microsoft required people using Xbox Live to sign up for accounts and provide their name, email address and age information.

But even when the company was aware users were under the age of 13 it continued to collect and retain data on them in violation of a US child safety law called the Children’s Online Privacy Protection Act (COPPA), the FTC said.

Parental consent

The regulator said Microsoft had, amongst other things, failed to inform parents of its data policies and obtain their consent as required by the law.

Not until after obtaining personal information on a child, such as a phone number, did Microsoft ask for parental consent.

From 2015 to 2020 Microsoft retained data “sometimes for years” from the account, even when a parent failed to complete the process, the FTC said.

Microsoft also failed to inform parents about all the data that was being collected, including the child’s profile photo, and that data was being distributed to third parties.

‘Data retention glitch’

Microsoft called the problem a “data retention glitch” and said it would improve its systems.

“In addition to our existing multifacted safety strategy, we also plan to develop next-generation identity and age validation — a convenient, secure, one-time process for all players,” the company said in a statement.

The new measures under the settlement include a system to delete data after two weeks if parental consent is not obtained.

The order must be approved by a federal judge before it can go into effect.

Child safety

Last week Amazon agreed to pay $25m after the FTC found it had retained sensitive data on children, including voice recordings, for years.

Under the settlement Amazon’s doorbell camera unit Ring agreed to pay $5.8m after giving employees unrestricted access to customers’ data.

Google and TikTok are amongst the other companies that have also been hit by FTC penalties for collecting data on children without parental consent, while last December Epic Games agreed to a record-breaking $520m settlement with the FTC for COPPA violations.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Hackers ‘Publish Walt Disney Internal Slack Data’

Hackers reportedly publish data from thousands of Disney internal Slack communications, including data on strategy…

10 hours ago

Apple Shares Reach All-Time High On AI Optimism

Apple shares surge after Morgan Stanley rates company 'top pick' over AI plans and says…

11 hours ago

Musk Confirms Robotaxi Delay For Design Change

Elon Musk confirms delay of Tesla robotaxi launch as company's shares surge after he publicly…

11 hours ago

Silicon UK In Focus Podcast: The Value of Data

Discover the transformative power of data in our latest podcast. Learn how leveraging data can…

12 hours ago

Smartphone Market Recovery Heading For ‘Slow, Steady Growth’

Global smartphone market shows growth for third consecutive quarter as it recovers from weakest year…

12 hours ago

Huawei Completes Massive $1.4bn R&D Campus With ‘100 Cafes’

Huawei Technologies completes work on massive centralised R&D campus as it seeks to develop domestic…

12 hours ago