
    Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids’ Data on Xbox

    By justmattg | June 7, 2023

    Jun 07, 2023Ravie LakshmananPrivacy / Technology

    Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents’ knowledge or consent.

    “Our proposed order makes it easier for parents to protect their children’s privacy on Xbox, and limits what information Microsoft can collect and retain about kids,” FTC’s Samuel Levine said. “This action should also make it abundantly clear that kids’ avatars, biometric data, and health information are not exempt from COPPA.”

    As part of the proposed settlement, which is pending court approval, Redmond has been ordered to update its account creation process for children to prevent the collection and storage of data, including obtaining parental consent and deleting said information within two weeks if approval is not obtained.

    The privacy protections also extend to third-party gaming publishers with whom Microsoft shares children’s data, in addition to subjecting biometric information and avatars created from children’s faces to the privacy laws.

    Microsoft, per the FTC, violated COPPA’s consent and data retention requirements by requiring those under 13 to provide their first and last names, email addresses, dates of birth, and phone numbers until late 2021.

    Furthermore, the Windows maker is said to have shared the user data with advertisers by default until 2019 when consenting to Microsoft’s service agreement and advertising policy.

    “It wasn’t until after users provided this personal information that Microsoft required anyone who indicated they were under 13 to involve their parent,” the FTC said. “The child’s parent then had to complete the account creation process before the child could get their own account.”

    Microsoft, however, chose to retain data collected from children during the account creation step for years even in scenarios where a parent did not complete the signup process, thereby contravening child privacy laws in the U.S.

    The company has further been accused of creating a unique persistent identifier for underage accounts and sharing that information with third-party game and app developers and explicitly requiring parents to opt out in order to prevent their children from accessing third-party games and apps in Xbox Live.

    Xbox, in response, said it’s taking additional steps to improve its age verification systems and to ensure that parents are involved in the creation of child accounts for the service. It did not disclose the exact specifics of what such a system may be.

    It also blamed some of the issues on a technical glitch that failed to “delete account creation data for child accounts where the account creation process was started but not completed,” emphasizing that the data was promptly deleted and never “used, shared, or monetized.”

    This is not the first time a video game maker has been fined by the FTC over COPPA violations. In December 2022, Fortnite developer Epic Games reached a $520 million settlement with the agency in part for flouting online privacy laws for children.

    The fines come as Microsoft disclosed it anticipates fines to the tune of “approximately $425 million” from the Irish Data Protection Commission (DPC) in the fourth quarter of 2023 for potentially violating the European Union General Data Protection Regulation (GDPR) to serve targeted ads to LinkedIn users.

    The development also comes close on the heels of the FTC levying a cumulative $30.8 million fine on Amazon over a series of privacy lapses regarding its Alexa assistant and Ring security cameras.
