Microsoft Fined $20M For Xbox Child Data Collection
The FTC has demanded additional data privacy protections for kids using Xbox gaming systems, extending COPPA protections.
Microsoft has reached a $20 million settlement with the Federal Trade Commission (FTC) for violating the Children's Online Privacy Protection Act (COPPA), by gathering, without parental consent, data on children using its Xbox gaming system.
COPPA rules state that sites aimed at children under 13 must notify parents and obtain consent before collecting any personal data, and that even with parental consent, storage of any data on a minor can't be stored longer than is "reasonably necessary," according to the FTC. The FTC said it found Microsoft retained children's data from 2015-2020, often collected from Xbox accounts without parents' permission.
The FTC has proposed an order in coordination with the Department of Justice asking that in addition to the fine, Microsoft must extend COPPA protections to third-party game publishers in the Xbox ecosystem, the FTC added. Regulators also specifically outlined that a child's image, biometric and health information captured by Xbox are likewise covered by COPPA rules.
"Our proposed order makes it easier for parents to protect their children's privacy on Xbox, and limits what information Microsoft can collect and retain about kids," Samuel Levine, Director of the FTC's Bureau of Consumer Protection said in the Microsoft fine announcement. "This action should also make it abundantly clear that kids' avatars, biometric data, and health information are not exempt from COPPA."
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024