Microsoft will comply with European Union (EU) General Data Protection Regulation (GDPR). The company has announced new parental consent verifications for child accounts on the continent ahead of the GDPR reinforcement.
The new regulations were adopted by the European Parliament in 2016 and will pass their enforcement deadline on May 25, 2018. In other words, companies have just over a month to get their compliance in order.
European authorities say GDPR was created to ensure companies deal with consumer data better. Like many aspects of European regulation, the reform is focused on tightening customer privacy. Since it was first passed, Microsoft has been working on its compliance and has now made the necessary changes.
The company has also employed a European Data Protection Office (DPO) and debuted a GDPR tool in February. Additionally, Microsoft already said its cloud products will comply with the reform.
Under the new authentication terms the company uses, child accounts will need a parent to provide consent for use of personal data. This will be in place for children under the age of 16, although EU member states can make the age lower down to 13 years.
The company says it thinks the verification will be adopted by the U.S. Children's Online Privacy Protection Act (COPPA) so it will be able to move it across its products.
“Using COPPA processes, we will prompt existing users to provide their country and date of birth. Users who are younger than the age of consent for their country will then be prompted for parental consent when they sign into their account during a short grace period.
To verify their child's account, parents will need to use a credit or debit card, or other payment instrument, for a 50-cent charge which will be credited toward an existing Microsoft account. This nominal charge also offers parents an extra step of protection to be aware of any misuse when reviewing their card statement.”
If an account is not properly verified it will be blocked. Microsoft points out new child accounts that are not verified within two weeks will be deleted permanently.