Microsoft will pay $US20 million ($A30 million) to settle US Federal Trade Commission (FTC) charges it illegally collected personal information from children without their parents’ consent.
The company had been charged with violating the US Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children who signed up for its Xbox gaming system without notifying their parents or obtaining their parents’ consent, and by retaining children’s personal information, the FTC said in a statement on Monday.
The order requires Microsoft to take steps to improve privacy protections for child users of its Xbox system.
It will extend COPPA protections to third-party gaming publishers with whom Microsoft shares children’s data, the FTC said.
A Microsoft representative said the company was committed to complying with the order.
The representative said the account creation process would be updated and a data retention glitch found in the company’s system would be resolved.
“Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids,” FTC’s Bureau of Consumer Protection director Samuel Levine said.
“This action should also make it abundantly clear that kids’ avatars, biometric data, and health information are not exempt from COPPA.”
The law requires online services and websites directed to children under 13 to notify parents about the personal information they collect and to obtain verifiable parental consent before collecting and using any personal information collected from children.
From 2015 to 2020, Microsoft retained the data it collected from children during the account creation process, even when a parent failed to complete the process, according to the complaint.