Microsoft has agreed to pay a $20 million fine to settle charges regarding the illegal collection and retention of children’s data on its Xbox gaming console, according to a Federal Trade Commission press release Monday.
The company is accused of gathering and holding the data without parental consent, violating the Children’s Online Privacy Protection Act, which protects the privacy of children under the age of 13 and gives parents control over what information websites can collect from their kids, according to the FTC.
The $20 million settlement is subject to approval by a federal court, the FTC said.
As part of the order, Microsoft will be forced to strengthen privacy safeguards for children who use the Xbox system. Additionally, the order will expand the coverage of COPPA protections to include third-party gaming publishers that receive children’s data from Microsoft.
“Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “This action should also make it abundantly clear that kids’ avatars, biometric data, and health information are not exempt from COPPA.”
Dave McCarthy, Microsoft’s corporate vice president for Xbox, outlined in a blog post the steps the company is taking to comply with the order, including enhancing age verification, privacy measures and parental oversight.
Microsoft also fixed “a technical glitch where our systems did not delete account creation data for child accounts where the account creation process was started but not completed,” McCarthy said.
In December, Epic Games, the maker of Fortnite, settled a similar case with the FTC concerning children’s privacy and deceptive payment practices. As part of the settlement, Epic agreed to pay $520 million in penalties and refunds.