The US regulator, the FTC, has held Microsoft accountable for illegally collecting children’s data. The Xbox maker isn’t the first gaming company to be mocked by the Federal Trade Commission (FTC).
Illegal collection of children’s data has cost Microsoft dearly: The technology group must pay a $20 million fine as part of a settlement with the U.S. competition watchdog the Federal Trade Commission (FTC). According to the FTC, the settlement still needs to be approved by a federal court before it can go into effect.
Microsoft breaches privacy policy
But why is the FTC mocking Microsoft? Authorities accused the U.S. company of collecting data on children when they signed up for Xbox video game consoles without notifying parents or obtaining their consent. The FTC believes that Microsoft violated the Children’s Online Privacy Protection Act (COPPA). This is a law that protects the privacy of children online.
If the creation process is not complete, the policy is not to store data older than 14 days. This is to allow players to continue creating accounts from where they left off.
Some changes to children’s Xbox accounts
The group itself spoke of a technical issue, a “technical glitch”. This prevents data from certain child accounts from being deleted again, Dave McCarthy, Microsoft’s corporate vice president of Xbox, explained in a blog post. The company has now fixed the “glitch” and deleted the data. McCarthy said the data was never used, shared or monetized.
The U.S. Department of Justice has now issued a directive on behalf of the FTC under which Microsoft must make some changes. For example, Microsoft must in the future notify parents that child accounts are associated with additional data protection requirements and involve parents in the creation of child accounts. For child accounts created before 2021, Microsoft will also need to obtain parental consent after the fact. The company also announced that it will improve its age verification system.
Fortnite developers must pay hundreds of millions of dollars
Microsoft’s million-euro fine is the latest settlement the FTC has reached with a gaming company over breaches of its privacy policy. In December 2022, “Fortnite” developer Epic Games agreed to pay the FTC a $520 million fine, including $275 million for data breaches.
Regulators have accused the company of collecting personal information from children under 13 without parental consent. In addition, parents who request the deletion of their children’s personal data must overcome almost unreasonable obstacles. According to the FTC, the battle royale game’s default settings allow players under the age of 18 to conduct real-time text and chat, violating the privacy of children and teens. This allows minors to get in touch with strangers. “Children and teens are bullied, threatened, harassed, and exposed to dangerous and traumatic issues such as suicide on ‘Fortnite,'” the FTC said.
Shortly before announcing the settlement with the FTC, Epic Games introduced special restricted child accounts for its games Fortnite, Rocket League and Fall Guys, raising data protection requirements. Certain features, such as live chat or in-game purchases, may only be used by underage players with active parental consent.
A message from ARD Finance Editor Angela Göpfert