Warning: *Privacy Not Included with this product
Microsoft's powerful Xbox X series and the smaller, cheaper S series bring games to you through their hugely popular Xbox Game Pass or just the old-fashioned way of buying them or sharing them with your buddy. Games like Halo, Forza, Starfield, Madden, and Elden Ring will keep you plenty busy. Unfortunately, Microsoft's Xbox raised some serious privacy concerns in 2023 that make us worry.
What could happen if something goes wrong?
If you want to give yourself a headache, spend some time trying to decipher Microsoft's super complicated and confusing privacy policies. On the other hand, don't. We've tried to do it here for you, to the best of our ability. Microsoft's privacy policy covers pretty much all of its products, from Outlook to Windows to Skype, Edge, Xbox, and Minecraft. That's a lot of products to cover broadly with one privacy policy. So, good luck sorting everything out.
Here's what we can tell you from our read of Microsoft's privacy policy with regard to Xbox: your privacy might not be included. The good news is, Microsoft says they don't sell your personal information. Yay! That's about where the good news ends though. Microsoft does say they can collect a good amount of data on you and your gaming habits. They go on to say they can go out and collect even more data on you from places like data brokers, social networks, partners, developers, and more, and combine that data with data they have on you to do things like target you with more advertising or relevant products. That's not so good.
And here's the very bad when it comes to Xbox. The US Federal Trade Commission (FTC) filed a $20 million settlement against Microsoft in 2023 for alleged violations of the Children’s Online Privacy Protection Act. The problem is that Xbox was allegedly violating children's privacy by illegally collecting children's personal information when they signed up for Xbox services and failing to tell parents about the full amount of data collected on kids under 13. And then Microsoft likely kept some of this personal information for way longer than they should have. Violating children's privacy laws is pretty bad, especially for a video game console lots of children use daily.
So, to recap, while Microsoft Xbox does not sell your personal data, Microsoft says they will use your data to target you with ads on Microsoft properties. Microsoft also says they might share your data with partners like Facebook and Yahoo to collect data about your online activity for advertising purposes, and to place their own ads. Finally, Microsoft says they can combine data with third parties, such as data brokers. Also, be aware, some of the games you play on the Xbox that are made by other companies might be collecting and sharing your data and their privacy policies would apply to your personal information. So many freakin’ privacy policies to just play games. All that, and Microsoft was required to cough up $20 million in 2023 for violating children's privacy laws.
What's the worst that could happen while playing Call of Duty on your Xbox? Well, Microsoft is going to know lots about what kinds of video games you play and when you play them. That info is then going to be used to target you with ads for lots more video game stuff. And that stuff all gets expensive. So, be prepared to go into the poor house by not being able to resist all those ads you get. That's absolutely not the worst thing that could happen, but it's certainly something that is happening. Oh, and if you don't want to get hacked and have someone log into your Xbox account and buy a bunch of games at your expense, don't forget to set up two-factor authentication.
Tips to protect yourself
- Check out safety settings in Xbox
- Opt out of optional data sharing
- Set up two-factor authentication on your Xbox account immediately
- Read Xbox's Responsible Gaming guide for safety tips
- Go into Profile & system > Settings > Account > Privacy & online safety > Xbox privacy and adjust your privacy settings to your comfort level
- Do not sign up with third-party accounts. It is better to log in with an email address and a strong password.
- Choose a strong password! You may use a password manager such as 1Password or KeePass.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
- Keep your app regularly updated
- Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to your Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
Camera
Device: No
App: Yes
Microphone
Device: No
App: Yes
Tracks location
Device: Yes
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
No
What data does the company collect?
Personal
Your first and last name, email address, postal address, phone number, and other similar contact data; Data about you such as your age, gender, country, and preferred language; Data about your device, your device configuration, and nearby networks. For example, data about the operating systems and other software installed on your device, including product keys. In addition, IP address, device identifiers (such as the IMEI number for phones), regional and language settings, and information about WLAN access points near your device; Data about your device’s location, which can be either precise or imprecise. For example, we collect location data using Global Navigation Satellite System (GNSS) (e.g., GPS) and data about nearby cell towers and Wi-Fi hotspots.
Body related
Social
Data about your contacts and relationships if you use a product to share information with others, manage contacts, communicate with others, or improve your productivity. Information about your relationships and interactions between you, other people, and organizations, such as types of engagement (e.g., likes, dislikes, events, etc.) related to people and organizations.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In September 2023, 38TB of data were accidentally exposed by Microsoft AI researchers.
In September 2023, 60,000 emails were stolen from 10 State Department accounts.
In July 2023, Microsoft publicly disclosed that a group of Chinese hackers had spied on U.S. government agencies via a vulnerability in Microsoft’s cloud services.
In June 2023, it was decided that Microsoft would pay $20 million to settle Federal Trade Commission charges that it violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children who signed up to its Xbox gaming system without notifying their parents or obtaining their parents’ consent, and by illegally retaining children’s personal information.
In 2022, a Microsoft server misconfiguration led to a data leak affecting 65,000+ companies.
Microsoft suffered a major hack that left their Microsoft Exchange email service vulnerable and exploited. That hack didn’t affect the privacy of the Xbox directly. In December 2019, 250 million Microsoft internal customer service and support logs were exposed online.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Microsoft has one broad, general privacy statement that covers all of its products. This makes it very hard to find Xbox-specific info in the general Microsoft privacy statement. Microsoft's privacy policy is also quite confusing and hard to follow.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Strong password
Security updates
Manages vulnerabilities
Privacy policy
Dive Deeper
- The Microsoft Xbox Live settlement: What it means for your child’s privacy (FTC Consumer Advice)
- $20 million FTC settlement addresses Microsoft Xbox illegal collection of kids’ data: A game changer for COPPA compliance (Federal Trade Commission)
- Microsoft to pay $20 million to settle Xbox Live privacy allegations (CNN Business)
- FTC Will Require Microsoft to Pay $20 million over Charges it Illegally Collected Personal Information from Children without Their Parents’ Consent (Federal Trade Commission)
- Chinese Hackers Breached Government Email Accounts, Microsoft Says (The New York Times)
- Chinese hackers stole emails from US State Dept in Microsoft breach, Senate staffer says (Reuters)
- 38TB of data accidentally exposed by Microsoft AI researchers (Wiz)
- How to Manage PlayStation, Switch, and Xbox Privacy Settings (New York Times)
- PS5 vs. Xbox Series X: Security and Privacy Features Compared (IGN)
- Microsoft Security Shocker As 250 Million Customer Records Exposed Online (Forbes)
- Xbox Series X ushers in a fantastic change Microsoft hadn’t announced until now