In a recent development, Microsoft has agreed to pay a hefty $20 million settlement to resolve allegations made by the Federal Trade Commission (FTC) that the company violated the Children's Online Privacy Protection Act (COPPA). The FTC claimed that Microsoft had unlawfully collected personal data from children using its Xbox gaming platform without obtaining proper parental consent.
The COPPA Rule stipulates that online platforms and websites catering to children under the age of 13 must inform parents about the personal data they collect and obtain explicit parental approval before gathering any information from these children.
The FTC's Director of the Bureau of Consumer Protection, Samuel Levine, shared how parents can protect their children.
"Our proposed order makes it easier for parents to protect their children’s privacy on Xbox and limits what information Microsoft can collect and retain about kids... This action should also make it abundantly clear that kids’ avatars, biometric data, and health information are not exempt from COPPA."
According to the FTC's press release, Microsoft failed to comply with these regulations by gathering children's personal details without parental knowledge or permission and storing them without legal authorization.
Levine emphasized the importance of safeguarding children's information, stating that the new order from the FTC aims to tighten Microsoft's ability to collect such data. The settlement and new order will serve as a reminder to companies about the significance of adhering to COPPA and protecting children's privacy rights.
According to the FTC, the violation occurred when Microsoft required users, including children under 13, to register an account on the Xbox gaming platform, providing personal information such as name, email, date of birth, and previously, a phone number. Only after this information was shared would Microsoft seek parental involvement, if the user was below the age of 13. Microsoft is accused of retaining user data for longer than allowed by COPPA, even if the account creation process remained incomplete.
Furthermore, the release highlights that children's personal data, combined with a unique identifier generated by player profiles, could be shared by Microsoft with third-party developers. This data sharing was reportedly enabled by default and could only be disabled through parental intervention.
In addition to the financial penalty, Microsoft is obligated to take several measures to rectify the situation. These include informing parents about the additional privacy features offered through separate child accounts, obtaining parental consent for accounts created by children before May 2021, implementing systems to delete unnecessary personal information collected from children, and notifying video game publishers about child users and ensuring compliance with COPPA.
The FTC, established in 1914, plays a vital role in protecting consumers from unfair business practices and promoting fair competition. By establishing rules and regulations, the FTC aims to create a level playing field for businesses across the nation.
This settlement serves as a clear message that companies must prioritize the privacy and protection of children's personal information and adhere to COPPA regulations. It underscores the need for continued vigilance to ensure that online platforms and websites maintain stringent safeguards to protect the privacy rights of children.
