Microsoft agrees to resolve Xbox’s children privacy violations for $20M

The Hacker News reports that Microsoft will pay $20 million to resolve the Federal Trade Commission's allegations that it violated the Children's Online Privacy Protection Rule after compelling individuals younger than 13 to provide their names, birthdates, email addresses, and phone numbers to log on their Xbox gaming consoles. Microsoft has also been ordered under the proposed settlement to implement changes to its account creation process that would hinder children's data collection and storage, including the deletion of data should parental consent not be given two weeks after its collection. Third-party gaming publishers receiving children's data shared by Microsoft have also been subjected to the privacy protections. "Our proposed order makes it easier for parents to protect their children's privacy on Xbox, and limits what information Microsoft can collect and retain about kids. This action should also make it abundantly clear that kids' avatars, biometric data, and health information are not exempt from COPPA," said FTC Bureau of Consumer Protection Director Samuel Levine.