Microsoft Fined $20M for Child Privacy Infractions

Microsoft was ordered to pay $20 million and take measures to assure child privacy, per a Monday U.S. Federal Trade Commission (FTC) announcement.

The issue concerns use of the Xbox Live Service by children under 13 years of age, who were able to create accounts prior to parental approval. The supplied information, such as "first and last name, email address and their date of birth," was delivered by Microsoft to "third-party" games companies, which also permitted the sending of promotional messages. Such information falls under the legal stipulations of the Children's Online Privacy Protection Act (COPPA).

The ability for games companies to send promotional messages to children occurred for about four years (2015 to 2019), while the practice of extracting personal information from children took place for about six years, between 2015 and "late 2021," according to the FTC's description.

Microsoft retained the children account data between 2015 and 2020, "even when a parent failed to complete the process" of authorizing the account, the FTC explained.

In addition to paying $20 million to the U.S. Treasury, Microsoft is being ordered to delete "all personal information" on accounts set up by children that did not have parental consent "within two weeks from the collection date," according to the U.S. Department of Justice's "proposed order" (PDF download). Microsoft must also notify game publishers that personal information was provided by a child, which then falls under COPPA protections.

According to the proposed order, which was signed by Microsoft President and Vice Chair Brad Smith, Microsoft "neither admits nor denies any of the allegations in the Complaint."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.