Microsoft Fined $20M For Xbox Child Data Collection
The FTC has demanded additional data privacy protections for kids using Xbox gaming systems, extending COPPA protections.
Microsoft has reached a $20 million settlement with the Federal Trade Commission (FTC) for violating the Children's Online Privacy Protection Act (COPPA), by gathering, without parental consent, data on children using its Xbox gaming system.
COPPA rules state that sites aimed at children under 13 must notify parents and obtain consent before collecting any personal data, and that even with parental consent, storage of any data on a minor can't be stored longer than is "reasonably necessary," according to the FTC. The FTC said it found Microsoft retained children's data from 2015-2020, often collected from Xbox accounts without parents' permission.
The FTC has proposed an order in coordination with the Department of Justice asking that in addition to the fine, Microsoft must extend COPPA protections to third-party game publishers in the Xbox ecosystem, the FTC added. Regulators also specifically outlined that a child's image, biometric and health information captured by Xbox are likewise covered by COPPA rules.
"Our proposed order makes it easier for parents to protect their children's privacy on Xbox, and limits what information Microsoft can collect and retain about kids," Samuel Levine, Director of the FTC's Bureau of Consumer Protection said in the Microsoft fine announcement. "This action should also make it abundantly clear that kids' avatars, biometric data, and health information are not exempt from COPPA."
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024