The US regulator FTC is holding Microsoft accountable for illegally collecting data from children. The Xbox maker isn’t the first gaming company to be pilloried by the FTC.
The unlawful collection of data from children is costing Microsoft dearly: The technology group has to pay a fine of 20 million dollars as part of a settlement with the US competition authority Federal Trade Commission (FTC). According to the FTC, the settlement still has to be approved by a federal court before it can go into effect.
Microsoft violated privacy policy
But why is the FTC pillorying Microsoft at all? The authority accuses the US company of having collected data from children when registering for the Xbox video game console without notifying their parents or obtaining their consent. The FTC argued that Microsoft had violated the Children’s Online Privacy Protection Act (COPPA). This is a law to protect the privacy of children on the Internet.
The policy was not to store data longer than 14 days if the creation process was not completed. This was to allow players to resume account creation from where it left off.
Some changes for children’s Xbox accounts
The group itself speaks of a technical problem, a “technical glitch”. This prevented the data from some child accounts from being deleted again, explained Dave McCarthy, corporate vice president for Xbox at Microsoft, in a blog entry. The company has now fixed the “glitch” and deleted the data. McCarthy said the data was never used, shared or monetized.
The US Department of Justice has now issued an instruction on behalf of the FTC, according to which Microsoft must introduce some changes. For example, Microsoft must inform parents in the future that a child account is associated with additional data protection requirements and involve parents in the creation of child accounts. For child accounts created before 2021, Microsoft is also required to obtain parental consent after the fact. The company also announced that it would improve its age verification systems.
Fortnite developer has to pay hundreds of millions of dollars
Microsoft’s million-euro fine is the FTC’s most recent settlement with a gaming company for violating privacy policies. In December 2022, Fortnite developer Epic Games agreed to pay a $520 million fine with the FTC, including $275 million for data breaches.
The regulator accused the company of collecting personal information from children under the age of 13 without obtaining parental consent. In addition, parents who request the deletion of their children’s personal data would have to overcome almost unreasonable hurdles. According to the FTC, the Battle Royale game’s default setting violated the privacy of children and young people by allowing live text and chat for players under the age of 18. This allowed minors to get in touch with strangers. “Children and teens have been bullied, threatened, harassed and exposed to dangerous and psychologically traumatizing issues such as suicide on ‘Fortnite,'” the FTC said.
Shortly before announcing the settlement with the FTC, Epic Games introduced special restricted child accounts with increased data protection requirements for its games Fortnite, Rocket League and Fall Guys. Underage players are only allowed to use certain features such as live chats or in-game purchases if the parents actively give their consent.
With information from Angela Göpfert, ARD financial editors