Microsoft will pay $20 million to settle charges from the US Federal Trade Commission that it illegally collected personal information from children without a guardian’s consent.
The tech giant has been charged with violating the Children’s Online Privacy Protection Act (COPPA), a federal law that requires online services and websites that cater to children under 13 to notify their guardians of the personal information being collected.
Parental consent is also required before those online services and sites use any child’s personal information.
From 2015 to 2020, Microsoft collected data from children under 13 during the account creation process, even when a parent failed to complete the consent process, and disclosed some of this information to third parties, according to the FTC’s complaint.
Along with paying millions in penalties, an order filed by the FTC will require Microsoft to amend its privacy protections for child Xbox users.
The order will require COPPA protections to extend to third-party gaming publishers with whom Microsoft shares children’s data.
The data protected by COPPA includes child’s images, as well as biometric and health information, that a young Xbox gamer may use to generate their avatars on the gaming console.
Under the proposed order, Microsoft will have to obtain parental consent for accounts created before May 2021 if the account holder is still a child.
In addition, a system must be put into place where children’s collected data is deleted within two weeks from collection date if Microsoft has not obtained parental consent within that time period.
The order, which was filed on Monday in US District Court in the Western District of Washington, has to be approved by a federal court before it can go into effect.
“Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids,” said Samuel Levine, the Director of the FTC’s Bureau of Consumer Protection, in a press release.
“This action should also make it abundantly clear that kids’ avatars, biometric data and health information are not exempt from COPPA,” Levine added.
Microsoft did not immediately respond to The Post’s request for comment.
The complaint settlement comes nearly a month after European Union regulators approved Microsoft’s $69 million bid to acquire video gaming firm Activision Blizzard.
The EU made the decision two weeks after UK regulators quashed the deal over fears that it would hurt competition. The FTC voiced similar antitrust complaints in blocking the deal in the US last December.
However, EU officials gave Microsoft the green light in mid-May after the maker of the Xbox gaming console agreed to ensure that rival companies would continue to have access to Activision-developed games, including the ultra-popular “Call of Duty,” “World of Warcraft” and “Candy Crush.”
The modified agreement also ensures that Microsoft will bring all Activision games — “current and future” — to any cloud game streaming service, the European Commission (EC), EU’s executive arm, said in a statement.
Source