Xbox FTC Settlement and Reimagining the Future of Safety on Xbox

At Xbox, we have the fundamental commitment to provide all players with a safe and secure experience on our platform – and this is especially true for our youngest players. We frequently iterate on our safety measures, in collaboration and with feedback from the community, regulators and partners. We recently entered into a settlement with the U.S. Federal Trade Commission (FTC) to update our account creation process and resolve a data retention glitch found in our system. Regrettably, we did not meet customer expectations and are committed to complying with the order to continue improving upon our safety measures. We believe that we can and should do more, and we’ll remain steadfast in our commitment to safety, privacy, and security for our community.

Our two decades of safety experience has taught us that all players want, and need, safety and privacy protections. Since 2005, when we launched the first console that could connect players online, we’ve continued to invest in tools and technologies to protect our community. That work evolved into a multifaceted safety strategy. Our suite of safety, privacy and security measures are designed to respect player privacy and safety, and empower players, as well as parents and caregivers, to have control over their gaming experiences.

Below we detail the changes we made to verify child accounts, however, our work on age validation doesn’t stop there. We see an opportunity to further advance safe digital experiences that are accessible, simple to use, and benefit all players. We are innovating on next-generation identity and age validation – a convenient, secure, one-time process for all players that will allow us to better deliver customized, safe, age-appropriate experiences. The long-term benefits will be felt by all players, especially children and their families. And while we see this as the future, we anticipate that the entire games industry will as well.

Over the coming months, we will test new methods to validate age and take feedback from our customers’ experience. The learnings from these trials will directly inform advancements in our player identity systems. We are incorporating Microsoft’s insights from across industries to develop a principled approach to secure digital identities that minimizes data collection, prioritizes security, and makes it easier for players to understand how their data is used.

We’ll continue to put players at the center – giving them full control over their online experiences and digital identities. We’ll continue to empower parents and caregivers to exercise appropriate oversight of the gaming experience for their children and families, in addition to tools like the Xbox Family Settings App and child accounts. Child accounts are built for underage players so that parents and caregivers can manage settings, privacy, spending and more. We will continue to be transparent and clear about the actions we take on our service, just as we did when we released our inaugural Transparency Report and second Transparency Report in May.

The Xbox community is our community – one we shape together. As we innovate and trial new experiences, we’ll work with the community to gather feedback so we can create a safer gaming experience together.

What the FTC settlement means for players

Since the FTC settlement, we have updated our account creation process, which now requires players to first identify date-of-birth and, if under 13 years old, obtain verified parental consent before providing us with any information such as phone number or email address. This updated process ensures that we can identify potential child accounts immediately and make clear to parents and caregivers the next steps to protect their children’s data and play safely on our network.

Over the coming months, players who are under the age of 13 and created an account prior to May 2021 will require parental reconsent – meaning a parent will be prompted to reverify the account and grant permission for their child to continue gameplay and activity on Xbox. We are committed to making this process as seamless as possible. We are working hard to ensure that when parents are prompted to reconsent, they will have the information needed to proceed without disruptions to their child’s access. To learn more about setting up a child account, please visit here.

During the investigation, we identified a technical glitch where our systems did not delete account creation data for child accounts where the account creation process was started but not completed.  This was inconsistent with our policy to save that information for only 14 days to make it easier for gamers to pick up where they left off to complete the process. Our engineering team took immediate action: we fixed the glitch, deleted the data, and implemented practices to prevent the error from recurring. The data was never used, shared, or monetized.

To more clearly explain what information we collect and how we use it, we updated our Microsoft Privacy Statement, including a dedicated section about how Xbox processes user data. We have also updated our home screen to have a clearly labelled link to the Microsoft Privacy Statement. This link also appears in each area of the service where personal information is collected. Microsoft also provides a privacy dashboard that shares with families what data is collected and used. Players can adjust their privacy settings at any time and child accounts are set to the strongest privacy settings by default. To learn more about Xbox’s privacy features, please visit here.

Additional resources for families

We want all parents, caregivers, and families to know that, more than anything else, we have their children’s safety and privacy top of mind. We will continue to communicate the changes we are making to our practices and the data we collect so we can better protect children using our platform. We also continue to explore creative ways to educate players about online safety.

This past Safer Internet Day, we released Minecraft’s Privacy Prodigy, aimed at teaching young people about privacy and how to safeguard their sensitive personal information. This world is the second chapter in the CyberSafe series, following last year’s release of Minecraft CyberSafe: Home Sweet Hmm, reaching millions of players, with unprecedented downloads of support materials underscoring the demand by teachers and families to teach these critical skills and integrate safer online practices daily. CyberSafe: Home Sweet Hmm and CyberSafe: Privacy Prodigy are both available for free on Minecraft: Education Edition and Minecraft Bedrock.

Our updated Xbox Family Hub shares information about creating a family group, managing child accounts, and helps parents and caregivers understand the safety measures we have in place, such as the Xbox Family Settings App.

For more information on Microsoft privacy, safety, and responsible gaming, please see the below list of resources:

Xbox Data Collection for Kids  

Microsoft Online Safety Guides

Microsoft Privacy for Young People

Related:
Xbox Releases Second Transparency Report Demonstrating the Integral Role of Proactive Content Moderation
Xbox Celebrates Safer Internet Day with Minecraft’s New Privacy-Themed Learning World and Safety Tips for Parents
Xbox Shares Community Safety Approach in Transparency Report