Microsoft Settles with FTC in Children’s Privacy Case for $20 Million Penalty

Microsoft can collect from children going forward,” said Andrew Smith, director of the FTC’s Bureau of Consumer Protection.

The FTC found that Microsoft’s Xbox Live online gaming service allowed children to create and customize profiles with personal information and photographs, all without parental consent. Microsoft then used this information to target children with ads. Additionally, Microsoft’s privacy policy stated that it would take steps to ensure that children’s information was not collected or used without parental consent, but it did not provide adequate notice or obtain verifiable parental consent.

Under the settlement, Microsoft will pay a $20 million civil penalty, which is the largest ever obtained by the FTC in a children’s privacy case. The settlement also requires Microsoft to implement a comprehensive privacy program, including designating an employee responsible for the program and obtaining biennial assessments from a third-party auditor.

In a statement, Microsoft said it has “long been committed to offering tools that help parents ensure that their children are enjoying technology in an age-appropriate manner, and today’s announcement is another important step in meeting that commitment.”

Overall, the $20 million penalty and new privacy program serve as a reminder to companies of the importance of complying with children’s privacy regulations and obtaining parental consent before collecting or using children’s personal information. It also highlights the responsibility companies have to ensure that their privacy policies accurately reflect their data collection practices.

Original Article: https://thehackernews.com/2023/06/microsoft-to-pay-20-million-penalty-for.html