Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent.
"Our proposed order makes it easier for parents to protect their children's privacy on Xbox, and limits what information Microsoft can collect and retain about kids," FTC's Samuel Levine said. "This action should also make it abundantly clear that kids' avatars, biometric data, and health information are not exempt from COPPA."
As part of the proposed settlement, which is pending court approval, Redmond has been ordered to update its account creation process for children to prevent the collection and storage of data, including obtaining parental consent and deleting said information within two weeks if approval is not obtained.
The privacy protections also extend to third-party gaming publishers with whom Microsoft shares children's data, in addition to subjecting biometric information and avatars created from a children's faces to the privacy laws.
Microsoft, per the FTC, violated COPPA's consent and data retention requirements by requiring those under 13 to provide their first and last names, email addresses, dates of birth, and phone numbers until late 2021.
Furthermore, the Windows maker is said to have shared the user data with advertisers by default until 2019 when consenting to Microsoft's service agreement and advertising policy.
Read the full article HERE