HQ/EMEAFind out how we can help your business
One of the US’ most prominent tech companies, Microsoft, should pay FTC $20 million after the alleged collection and retainment of children’s data without parental consent.
The fine with the Federal Trade Commission is the result of the charges against the company after Microsoft’s Xbox gaming system allegedly illegally collected and kept children’s personal information without notifying or getting the minors’ parent approval.
The director of the FTC explained that they proposed an order to make it easier for parents to protect their children’s privacy on the gaming console and limit the details Microsoft could harvest. In addition, the action should also clarify that every kid’s avatar, health information, and biometric data are also under the jurisdiction of COPPA.
COPPA is the Children’s Online Privacy Protection Act passed in 1998. The COPPA law orders that online websites and services accessible to children under 13 should alert parents about the personal information they collect and acquire parental consent before storing and using the data.
A Department of Justice order filed that represents the Federal Trade Commission mandates Microsoft to expand COPPA protection to include third-party gaming publishers Microsoft shares minors’ data with. The federal court must approve the order before it can go into effect and execute the relevant matters in the case.
The VP for Xbox blamed the entire issue on a Microsoft technical glitch that violated federal law.
A blog post for the Xbox player services vice president explained that the violation of federal law resulted from a technical glitch in Microsoft. However, Microsoft has yet to address the settlement.
Furthermore, the vice president stated they had not met the customer’s expectations and are committed to complying with the order to continue improving their safety measures. Additionally, they can and should do more not to let these things happen again.
Currently, the company has fixed the technical glitch and removed the data. The company claimed they had not used, shared, or monetised the children’s information.
