Punishment for Microsoft in the United States: the technology giant will have to pay 20 million dollars to face the charges presented by the Federal Trade Commission (FTC) in relation to the collection of data from minors. Specifically, the FTC singles out Microsoft for illegally collecting personal information from children without parental consent and, in some cases, for retaining it “for years.”

The regulator claims that Microsoft violated the Children’s Online Privacy Protection Act (COPPA), which regulates the online privacy protection of children under 13 years of age. This regulation requires companies to notify parents of the data they collect, obtain parental consent, and delete the data when it is no longer needed.

According to the FTC, children who signed up for Microsoft’s Xbox gaming service were asked to provide their personal information — including their name, email address, phone number, and date of birth — and as of 2019 included a pre-populated checkbox that allowed Microsoft to share user information with advertisers.

The FTC’s complaint is because Microsoft collected this data before asking parents to complete account setup, but retained the children’s data even after the parents exited the sign-up process: “Only after To collect that amount of personal data from children, Microsoft involved parents,” explains Lesley Fair of the FTC.

As such, the regulator will require Microsoft to notify parents and obtain parental consent for accounts created before May 2021. Microsoft will also have to put in place new systems to delete children’s personal information if it has not obtained parental consent. parents, and to ensure that data is deleted when it is no longer needed.

For his part, the head of Xbox, Dave McCarthy, has acknowledged that Microsoft “did not meet customer expectations” and has shown himself willing to “comply with the order to continue improving our security measures.”