FTC fines Microsoft $20M for child privacy violations

The news: Microsoft will pay a $20 million fine to settle a Federal Trade Commission (FTC) complaint that the Xbox illegally collected and retained information about children without parental consent, violating the Children’s Online Privacy Protection Act (COPPA).

Zooming in: According to the FTC complaint, Microsoft’s Xbox account sign-up asked children under 13 for their name, date of birth, email address, and phone number, all before parents got involved in the process.

The FTC further criticized Microsoft for not adequately informing parents about the collection of additional data such as Player ID photos and gameplay data. Microsoft held on to the data for years, even if the account creation process was incomplete.

Regulation is intensifying: Microsoft is the latest Big Tech company to be called out for data privacy violations and mishandling of user data.

Lawsuits and fines could mean tighter data protection laws: All of the companies above have expanded their targeted advertising businesses and ostensibly repurpose customer data to improve the algorithms that serve ads on various platforms.

  • In the recent case against Microsoft, the $20 million fine represents 0.03% of Microsoft’s total revenue for the most recently reported quarter, per Ars Technica.
  • The violations that circumvent parental consent are particularly egregious to regulators and could lead to trust erosion, tarnished brand image, and market loss.

Key takeaway: Lack of transparency and communication over Microsoft’s gathering of children’s data could see Nintendo, Sony, and cloud gaming services grab Xbox’s market share.

"Behind the Numbers" Podcast