Once it was discovered that Microsoft had improperly acquired data on children who had created Xbox accounts, the tech giant is expected to make a $20 million payment to US federal officials.
On Monday, the Federal Trade Commission (FTC) and Microsoft came to an agreement that includes improved safeguards for young players.
The FTC discovered that Microsoft neglected to educate parents about its data collection policy, among other breaches.
It comes after a comparable move against Amazon last week regarding its Echo gadgets, the BBC reported.
According to the FTC, by failing to properly get parental consent and keeping personal information on children under 13 for longer than necessary for accounts created before 2021, Microsoft broke the Children's Online Privacy Protection Act.
Online businesses and websites that cater to children are required by law to acquire parental approval and notify the parent when personal information about their child is being gathered, the report informed.
To use several services on Xbox, customers must first register an account. As part of the setup, details including your full name, email address, and birthday are gathered.
The FTC also revealed that Microsoft did not request a parent's consent before gathering personal data, such as the child's phone number.
From 2015 to 2020, Microsoft retained data "sometimes for years" from the account set up, even when a parent failed to complete the process, the FTC said in a statement.
Microsoft failed to inform parents of the data it was collecting and sharing with third parties.
"Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving upon our safety measures," Microsoft's Dave McCarthy, CVP of Xbox Player Services, wrote in an Xbox blog post.
"We believe that we can and should do more, and we'll remain steadfast in our commitment to safety, privacy, and security for our community," he added.
According to the settlement, Microsoft must institute new safety protections for children, which must be approved by a judge before they can go into effect.
Furthermore, the settlement also presses the company to maintain a system to delete all personal data after two weeks if no parental consent is obtained.
Previously, Amazon agreed to pay $25 million after the FTC discovered that it had kept sensitive data, including child voice recordings, for years.
Ring, an Amazon product that has a doorbell camera, has agreed to pay $5.8 million after giving staff members unrestricted access to consumer information.
OSIRIS-REx embarked on its mission in September 2016 and reached Bennu in 2018
Observations from James Webb Telescope suggested carbon dioxide originates from within ocean covered under ice
The image for the crypto token AstroPepeX was created by AI CroissantEth using OpenAI's DALL-E, a text-to-image AI...
Sample from Bennu asteroid will be landing on desert through capsule released by OSIRIS-Rex in Utah
The last one left died in captivity in 1936 after exposure at the Beaumaris Zoo in Hobart, Tasmania
Video was also captured by Parker Solar Probe of Nasa showing how probe rushed through violent activity of Sun