The Justice Department, together with the Federal Trade Commission (FTC), announced today that the United States has resolved a case against Microsoft Corp. regarding its practices for collecting and retaining personal information from children who use Microsoft’s Xbox Live service.
The stipulated order issued by the court today requires Microsoft to pay $20 million in civil penalties and imposes injunctive relief to settle allegations that Microsoft violated the Children’s Online Privacy Protection Act (COPPA) and the Children’s Online Privacy Protection Rule (COPPA Rule) in connection with the Xbox Live service, which consumers use to connect online and with others through the Xbox brand of gaming consoles.
In a complaint filed in the U.S. District Court for the Western District of Washington, the United States alleges that Microsoft knew that certain users were children but nonetheless continued to collect personal information, such as telephone numbers, before notifying parents of Microsoft’s information collection practices and before obtaining parental consent. In addition, the complaint alleges that, while Microsoft provided some notice to parents, that notice was incomplete and thus failed to comply with the COPPA Rule’s requirements. Finally, the complaint alleges that in certain instances when children started but did not complete, creating Xbox Live accounts, Microsoft retained their personal information for longer than permitted by the COPPA Rule.
“It is essential that before collecting children’s personal information, online companies provide complete and timely disclosures about their information collection practices so that parents can make informed decisions,” said Principal Deputy Assistant Attorney General Brian Boynton, head of the Justice Department’s Civil Division. “The department and the FTC are committed to ensuring that companies comply with the laws specifically designed to safeguard the privacy of children.”
“This settlement requires Microsoft to clearly communicate with parents about their child’s data and sets up procedures to monitor Microsoft’s compliance with federal statutes regarding children’s online privacy. This work will make children safer online,” said U.S. Attorney Nick Brown for the Western District of Washington. “I commend Microsoft for quickly acknowledging it was illegally collecting and retaining personal data of children younger than 13, and for taking steps to fix the problem.”
“Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids,” said Director Samuel Levine of the FTC’s Bureau of Consumer Protection. “This action should also make it abundantly clear that kids’ avatars, biometric data, and health information are not exempt from COPPA.”
Bijay Pokharel
Related posts
Recent Posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.