Microsoft will pay a fine of $20 million to settle Federal Trade Commission charges that it illegally collected and retained the data of children who signed up to use its Xbox video game console.
The agency charged that Microsoft gathered the data without notifying parents or obtaining their consent, and that it also illegally held onto the data. Those actions violated the Children’s Online Privacy Protection Act, the FTC stated.
In a blog post, Microsoft corporate vice president for Xbox Dave McCarthy outlined additional steps the company is now taking to improve its age verification systems and to ensure that parents are involved in the creation of child accounts for the service. These mostly concern efforts to improve age verification technology and to educate children and parents about privacy issues.
McCarthy also said the company had identified and fixed a technical glitch that failed to delete child accounts in cases where the account creation process never finished. Microsoft policy was to hold that data no longer than 14 days in order to allow players to pick up account creation where they left off if they were interrupted.
The settlement must be approved by a federal court before it can go into effect, the FTC said.
Related: FTC Orders Chegg to Improve Security Following Multiple Data Breaches
Related: BetterHelp Shared Users’ Sensitive Health Data, FTC Says
Related: Meta Fined Record $1.3 Billion and Ordered to Stop Sending European User Data to US
Related: Blackbaud Fined $3M For ‘Misleading Disclosures’ About 2020 Ransomware Attack
