$20 million FTC settlement addresses Microsoft Xbox illegal collection of kids’ data: A game changer for COPPA compliance

Care About COPPA Compliance may not be the coolest Xbox gamertag, but an FTC action against Microsoft for alleged violations of the Children’s Online Privacy Protection Act Rule suggests it might be a good choice nonetheless. Filed by the Department of Justice on the FTC’s behalf, the $20 million proposed settlement will require Microsoft to bolster privacy protections for kids who use its Xbox gaming system. The order also makes it clear that COPPA covers information like avatars generated from a child’s image, biometric data, and health data collected with other personal information – and reminds businesses that the Rule imposes strict limitations on the retention of data from kids.

Used by millions of gamers – many of whom are under 13 – Microsoft’s Xbox Live is an online gaming network that allows people to play through their Xbox Consoles. The FTC’s action focuses on three ways in which Microsoft allegedly violated COPPA: 1) by collecting personal information from kids under 13 before notifying their parents and getting parental consent; 2) by failing to tell parents about the information the company collects from kids, why it’s collecting that information, and the fact that it discloses some of the data to third parties; and 3) by retaining kids’ personal information for longer than is reasonably necessary.

Read the full news release