Microsoft will pay $20 million to settle charges that it violated children's privacy by improperly collecting personal information from kids who signed up to its Xbox gaming system, the US Federal Trade Commission (FTC) has announced.
The tech giant was charged with flouting the Children's Online Privacy Protection Act (COPPA) by collecting personal information from children who signed up to its Xbox gaming system without notifying their parents or obtaining their parents' consent, and by illegally retaining children's personal information.
"This action should make it abundantly clear that kids' avatars, biometric data, and health information are not exempt from COPPA," said Samuel Levine, Director of the FTC's Bureau of Consumer Protection.
Microsoft will also be required to take steps to bolster privacy protections for child users of its Xbox system.
For example, the order will extend COPPA protections to third-party gaming publishers with whom Microsoft shares children's data.
In addition, the order makes clear that avatars generated from a child's image, and biometric and health information, are covered by the COPPA Rule when collected with other personal data.
The COPPA Rule requires online services and websites directed to children under 13 to notify parents about the personal information they collect and to obtain verifiable parental consent before collecting and using any personal information collected from children.
In addition to the monetary penalty, Microsoft will be required to inform parents who have not created a separate account for their child that doing so will provide additional privacy protections for their child by default.
( 270 Words)