Microsoft’s Violation of the Children’s Online Privacy Protection Act (COPPA)
According to the plaintiffs, Microsoft is under scrutiny for violating the COPPA rules, which state that all companies must notify parents of children under 13 years old about the data they intend to collect. The COPPA rule also requires companies to obtain consent from parents before collecting any data type from children and delete data acquired from these accounts after deeming it unnecessary for analytical purposes. Parental consent must be verifiable, and it’s up to each independent company to choose the suitable verification method to ensure these standards are met.
Microsoft failed to comply with these standard requirements and provide a safe platform for children. Until recently, children creating Xbox accounts were also required to provide personal information to play games on Xbox consoles. This included their legal name, date of birth, and email address.
Photo illustration: Freepik
As stated on the official FTC website, children under 13 had to include their phone numbers and agree to Microsoft’s service agreement as a part of the account creation process. This policy was effective up until late 2021. However, this is not where the Microsoft drama ends.
Another complaint suggests that from 2015-2020, Microsoft retained the data collected from children for longer than necessary, failing to meet the COPPA rule yet again.
Despite trying to resolve these matters by requiring children under 13 to involve parents in the account creation process, Microsoft stumbled upon new issues. The previously mentioned complaint went after Microsoft for lacking transparency, as it hasn’t adequately informed parents about the information they collect from users, including their profile pictures or avatars. In other words, Microsoft illegally collected a bunch of children’s profile pictures, which, again, doesn’t align with the COPPA rule.
Microsoft to Pay $20 Million Civil Penalty
Microsoft’s doings didn’t go undetected, as its noncompliance with the Children’s Online Privacy Protection Act resulted in a multi-million civil penalty. Furthermore, the court obliges this tech giant to request parental consent for all accounts created by children under 13 before May 2021. That is, if the account holder is still considered a child in the eyes of the law.
Source: Xbox
The next step for Microsoft would be to set up a system that will get rid of children’s personal data that is no longer useful to the company and collaborate with video game publishers so that they can take adequate measures to protect children using their services.
Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids.
Says Samuel Levine, Director of the FTC’s Bureau of Consumer Protection.
In a recent post on the official Xbox website, Microsoft addressed the controversy and promised to commit to children’s online safety. The post also states that the company has updated its account creation process to comply with the COPPA rule.
We’ll continue to put players at the center – giving them full control over their online experiences and digital identities. We’ll continue to empower parents and caregivers to exercise appropriate oversight of the gaming experience for their children and families, in addition to tools like the Xbox Family Settings App and child accounts.