Microsoft to pay $20 million FTC fine over storage of Xbox information

A spokesperson for Microsoft, which owns the Xbox series of video game consoles, said the company “is committed to complying with the order.”
Microsoft's offices in Issy-les-Moulineaux, France. Chesnot / Getty Images

Microsoft has agreed to pay the Federal Trade Commission $20 million for collecting personal information on Xbox players younger than 13 and not properly informing parents.

A spokesperson for Microsoft, which owns the Xbox series of video game consoles, said that the company “is committed to complying with the order.” The settlement was announced Monday evening and must be approved by a federal court before taking effect. 

Xbox encourages players, including children, to sign up for a Microsoft “gamertag” account to play online. The company gathers information including players’ email addresses, first and last names and birthdays when they sign up. 

According to the FTC, Microsoft stored information from 2015 until 2020 on around 10 million people, including children, who started to create accounts and gave some information but never completed the process. 

The U.S. has few meaningful digital privacy regulations. One, the Children’s Online Privacy Protection Rule, requires for-profit companies to alert parents before storing information on children younger than 13 longer than necessary and to give parents the choice to prevent that information from being shared with third parties.

For children younger than 13, Microsoft offers a special type of account, which requires parental consent. But in the years that the FTC alleges the company violated the order, the Redmond, Washington-based tech giant only prompted players under the age of 13 to get their parents’ consent after they had already entered that other information. If a child never completed that sign-up process, the company stored that data indefinitely, the agency said.

A Microsoft spokesperson indicated that the issue was unintentional, and referred to the storing of information on users who didn’t complete the gamertag sign-up process as “a data retention glitch found in our system.” The company is working on a new identification and age validation system, the spokesperson said.

It wasn’t clear if Microsoft advertised to children who didn’t finish setting up their accounts. The spokesperson didn’t respond to questions about that practice. Until 2019, the gamertag sign-up form also prechecked boxes that said users agreed to promotional offers and to let Microsoft Advertising use their account information.