Get All Access for $5/mo

Microsoft to Pay $20 Million Settlement for 'Illegally' Retaining Children's Information The Federal Trade Commission says Microsoft violated the Children's Online Privacy Protection Act (COPPA) by collecting children who signed up for its Xbox system's information and failing to obtain parental consent.

By Madeline Garfinkle Edited by Jessica Thomas

Opinions expressed by Entrepreneur contributors are their own.

VDB Photos | Shutterstock
Microsoft headquarters in Redmond, Washington.

Microsoft has been ordered to pay the Federal Trade Commission $20 million to settle charges of violating the Children's Online Privacy Protection Act (COPPA).

According to the complaint, the company "illegally" collected the personal information of children who signed up for the Microsoft-owned gaming system Xbox and failed to notify parents or obtain consent. Xbox requires users to sign up before accessing games on the system, meaning individuals must provide sensitive information such as first and last name, email address and date of birth.

Until late 2021, even users who were under 13 were prompted to provide information such as a phone number and agree to the system's terms of service and advertising policy — which, according to the complaint, consisted of a "pre-checked box" giving Microsoft permission to share data with advertisers until 2019.

Only after minors filled out the aforementioned information did the system require users who indicated they were under 13 to obtain parental consent to finalize the signup process. However, according to the FTC, Microsoft still retained data from children, sometimes "for years," even if parents didn't complete the signup process or give consent.

Related: FTC Says Facebook Violated 2020 Privacy Order, Proposes More Protections for Teens and Children

"Our proposed order makes it easier for parents to protect their children's privacy on Xbox and limits what information Microsoft can collect and retain about kids," Samuel Levine, director of the FTC's Bureau of Consumer Protection, said in a statement. "This action should also make it abundantly clear that kids' avatars, biometric data and health information are not exempt from COPPA."

In addition to the $20 million penalty, Microsoft will be required to make certain changes to the system to further protect children's information, including obtaining parental consent for children's accounts created before 2021, implementing systems to delete children's data within two weeks of collecting it and notifying gaming publishers that the user is a child before sharing personal information.

"Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving upon our safety measures," Dave McCarthy, corporate vice president of Xbox, wrote in a blog post on Monday. "We believe that we can and should do more, and we'll remain steadfast in our commitment to safety, privacy and security for our community."

McCarthy added that children's accounts that did not have parental consent were not deleted because of a "technical glitch" and that "the data was never used, shared or monetized."

Related: Elon Musk Threatens To Sue Microsoft

Madeline Garfinkle

News Writer

Madeline Garfinkle is a News Writer at Entrepreneur.com. She is a graduate from Syracuse University, and received an MFA from Columbia University. 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Growing a Business

How Connecting With the Right Audience Drives Long-Term Business Success

Here's how targeted lead generation can help you unlock higher conversions, stronger brand loyalty and scalable growth.

Business News

'You Own Nothing Here on Social': Meta Outage, Looming TikTok Ban Has Creators Questioning How Much of Their Business They Really Control

With repeated tech outages and a possible TikTok ban on the horizon, creators are looking for new ways to influence. Turns out, one old-school way still reigns supreme.

Leadership

Should I Stay or Should I Go? 8 Key Points to Navigate the Founder's Dilemma

Here are eight key signs that help founders determine whether to persevere or let go.

Starting a Business

They Bought an Ice Cream Truck Off eBay for $5,000. Now Their Company Has 70 Shops and Sells Treats in Over 12,000 Stores.

For the episode of "The Founder CEO," the co-founder and CEO of Van Leeuwen Ice Cream explains how one ice cream truck grew into a successful nationwide brand.

Marketing

Your Most Powerful Marketing Weapon Is Hiding in the Finance Department — Here's Why

Transform your marketing leadership by turning finance from a barrier into a strategic ally. Learn how aligning with your finance team can drive unprecedented growth and innovation.