Microsoft To Pay $20 Million Settlement For Illegally Collecting Children's Personal Data (techcrunch.com) 15
Microsoft has agreed to pay $20 million to settle charges by the Federal Trade Commission (FTC) that it illegally collected personal information from children without parental consent and retained it for extended periods. TechCrunch reports: The federal consumer watchdog said Microsoft violated the Children's Online Privacy Protection Act (COPPA), the federal law that governs the online privacy protections for children under the age of 13, which requires companies notify parents about the data they collect, obtain parental consent and delete the data when it's no longer necessary. The FTC said children signing up to Microsoft's Xbox gaming service were asked to provide their personal information -- including their name, email address, phone number and date of birth -- which until 2019 included a pre-filled check box allowing Microsoft to share user information with advertisers. The FTC said Microsoft collected this data before asking for the parent to complete the account setup, but held onto children's data even if the parent abandoned the sign-up process.
"Only after gathering that raft of personal data from children did Microsoft get parents involved in the process," said FTC's Lesley Fair in a corresponding blog post. As a result, the FTC will require Microsoft to notify parents and obtain consent for accounts created before May 2021. Microsoft will also have to establish new systems to delete children's personal information if it hasn't obtained parental consent, and to ensure the data is deleted when it's no longer needed.
"Only after gathering that raft of personal data from children did Microsoft get parents involved in the process," said FTC's Lesley Fair in a corresponding blog post. As a result, the FTC will require Microsoft to notify parents and obtain consent for accounts created before May 2021. Microsoft will also have to establish new systems to delete children's personal information if it hasn't obtained parental consent, and to ensure the data is deleted when it's no longer needed.
Re: (Score:2)
Re: (Score:2)
Yeah,that's the FTC encouraging every company to continue business as usual.
fuck fines. JAIL TIME. (Score:5, Insightful)
this culture will not change until we start seeing the decision makers in jail.
Re: (Score:2)
Let me introduce you to the concept of two sets of rules. You know the rules, don't you? They are in this multi-volume set that sit in shelves in lawyers' offices. Get with the program. Don't worry about the other set.
Re: (Score:2)
Fines would work, IF they had a minimum of "twice the calculated value of the offence's profits plus an estimate of whatever we figure they've gotten away with and not been caught at yet".
20m? Have legal get accounting to cut a check.
Profit (Score:5, Insightful)
1) Collect children's data
2) Sell it for $80 million
3) Pay a fine of $20 million
4) Profit!
Seriously, $20 million is like, I dunno, 10 minutes profit for them, they'll do this all day long while laughing at the FTC.
Re: (Score:1)
Seriously, $20 million is like, I dunno, 10 minutes profit for them, they'll do this all day long while laughing at the FTC.
Closer to 30 minutes of their profit actually, but you got the right order of magnitude.
And the EC? (Score:1)
Is this a joke? (Score:2)
That is probably less than thay spent on coffee when implementing this feature, knowing fully well how illegal it was. What _actually_ needs to happen here is 5% of annual turnover as a fine, 2 years prison time for the decision makers and a credible threat of shutting down the company if they do it again. Of course in the US, where people worship the mighty God Mammon above all others, nothing like that will ever happen.
With these laughable fines, nothing will change.
Re: (Score:2)
knowing fully well how illegal it was.
To be upfront, I'm not saying Microsoft shouldn't have been held accountable for the situation. I'm also not saying they couldn't have done it intentionally. However, this feels more like a Hanlon's razor situation. The actual problem was the data retention bug. It was logging the user data, and not deleting it when the process was aborted. Obviously, it shouldn't have happened. However, bugs happen. The other part of the problem is the order in which they collect the data. In hindsight it's obvious to coll
How does this work? (Score:5, Interesting)
Let's say my 8 year old grandson comes over and uses my computer. Windows 10/11 is constantly spying on my computer. How do I turn that off when my 8 year old grandson is using the computer? It seems that at any point a child uses a Windows device they are breaking the law unless there is some way to completely disable telemetry. How is COPPA not applied in these situations?