Microsoft is in hot water after being hit with a $20 million fine by U.S. regulators over collecting biometric and personal data from children under the age of 13 who used the company’s popular Xbox game consoles. The Federal Trade Commission (FTC) recently disclosed the order, highlighting the need for improved protection of children’s data and privacy. This development serves as a wake-up call not just for Microsoft, but also for the tech industry as a whole.
The crux of the issue lies in Microsoft’s alleged violation of the Children’s Online Privacy Protection Act (COPPA), a federal law designed to safeguard children’s online privacy. The FTC complaint, pending approval from a federal judge, aims to strengthen the protection of children’s data and privacy on Xbox consoles, making it easier for parents to exercise control over their child’s personal information. By extending COPPA culpability to third-party game publishers who receive player data from Microsoft, the order holds the entire ecosystem accountable for safeguarding children’s data.
Samuel Levine, Director of the FTC’s Consumer Protection Bureau, emphasized the importance of this action in a prepared statement: “Our proposed order makes it abundantly clear that kids’ avatars, biometric data, and health information are not exempt from COPPA.”
Beyond the immediate consequences for Microsoft, this case highlights the need for stronger data protection regulations and underscores the responsibility of tech giants to prioritize user privacy. With advancements in technology and the proliferation of connected devices, concerns regarding data privacy have become paramount. Consumers, especially parents, are increasingly conscious of the potential risks associated with the collection, storage, and use of personal data—particularly that of their children.
Furthermore, this incident signals a growing trend of regulatory scrutiny on tech companies regarding their handling of user data. Governments and regulatory bodies worldwide are taking a closer look at privacy practices and enacting legislation to ensure the protection of individuals’ information.
The FTC’s just-released biometrics policy is a good example of such regulatory efforts. As laid out by the policy, companies are required to provide clear notice to consumers about the collection, use, and retention of their biometric information. Informed consent must be obtained, especially when dealing with sensitive data like biometrics, which includes unique physical or behavioral characteristics such as fingerprints, facial scans, or voiceprints.