Microsoft to pay $20 million FTC settlement over improperly storing Xbox account data for kids
Share this

Microsoft is set to pay the Federal Trade Commission (FTC) a $20 million settlement over charges that the company violated the Children’s Online Privacy Protection Act (COPPA). The company retained certain personal information of kids far longer than it should have when they made accounts, according to a press release.

Microsoft will also have to make some changes as part of a proposed order filed by the Department of Justice (DOJ) on behalf of the FTC. Those changes include telling parents that a separate child account comes with additional privacy protections, requiring parents to give consent for child accounts made before 2021, making systems to delete data about necessary to get parental consent for a kids’ account, and telling other publishers when it “discloses personal information from children that the user is a child,” the press release says.

This is just the latest FTC settlement with a video game company over alleged violations of COPPA. In December 2022, Fortnite developer Epic Games reached a $520 million settlement with the FTC, with $275 million of that over the COPPA violations. Earlier that month, Epic introduced for-kids accounts for Fortnite, Rocket League, and Fall Guys.

On Monday, the FTC said that until late 2021, when a user created a Microsoft account, the company asked for certain personal information before asking a parent of an under-13 player to get involved in making the account. But the FTC alleges that Microsoft retained that personal data “sometimes for years” even if the parent didn’t finish the signup process, which is something that’s prohibited by COPPA.

“Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving upon our safety measures,” Microsoft’s Dave McCarthy, CVP of Xbox Player Services, wrote in an Xbox blog post. “We believe that we can and should do more, and we’ll remain steadfast in our commitment to safety, privacy, and security for our community.”

In the post, McCarthy says that Microsoft wasn’t deleting account creation data for child accounts due to a “technical glitch,” and that the company has since fixed the glitch and deleted the data. “The data was never used, shared, or monetized,” according to McCarthy.

Share this
You May Also Like

Meta reveals AI Ray-Ban ‘smart glasses’ that scan what you’re seeing with camera and even talk to you

MARK Zuckerberg has unveiled a pair of AI smart glasses that you…

Apple will have to face an antitrust lawsuit alleging iOS Apple Pay dominance

California Northern District Judge Jeffrey White partially denied (PDF) Apple’s request to…

ChatGPT is ‘getting more seductive’ as free upgrade adds voice compared to ‘flirty virtual assistant’ in the movie Her

ARTIFICIAL Intelligence (AI) company OpenAI has added a new flirty feature to…

How to turn regular photos into Portrait mode photos on the iPhone 15

Anyone with an iPhone who’s taken a picture of their child or…