Microsoft · Microsoft Privacy Statement (Legacy)

Children's Data Collection and Parental Consent

High severity
Share 𝕏 Share in Share

What it is

Microsoft requires parental consent before children under 13 (or the applicable local age) can create a Microsoft account, and limits data collection for children's accounts in line with COPPA.

Consumer impact (what this means for users)

Parents should set up Microsoft Family Safety accounts for children under 13 to ensure parental consent requirements are met and to exercise rights to review and delete their child's personal data collected by Microsoft.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Log in to your Microsoft account at account.microsoft.com/privacy, navigate to your child's linked account under Microsoft Family Safety, and use the privacy dashboard to review and delete your child's personal data.

How other platforms handle this

Epic Games Medium

The Epic Services use technologies such as cookies, log files, and web beacons to automatically collect the types of information listed above. Some of these technologies may create small files or record-keeping tools stored on your device. These technologies help us recognize your device and collect...

LinkedIn Medium

You agree that you will not... Scrape or copy profiles and other data from our Services through any means (including crawlers, browser plugins and add-ons, and any other technology or manual work); ... Use bots or other automated methods to access the Services, add or download contacts, send or redi...

LinkedIn Medium

We collect data when you use, or visit services on, our Services, including when you're not logged in. This includes devices (e.g., device ID, browser type, operating system, IP address), locations (e.g., using IP addresses, GPS or Wi-Fi), and actions (e.g., feature use, clicks, views, search querie...

See all platforms with this clause type →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

If your child uses Microsoft products independently without parental oversight, their data may still be collected unless a family account with proper parental controls is in place, and parents have the right to access and delete their child's data.

View original clause language
Microsoft's products and services are intended for use by adults. When a child under 13—or under the applicable age of digital consent in their country—creates a Microsoft account, parental consent is required. Microsoft obtains verifiable parental consent or processes only limited data to provide the service. In the U.S., we collect only the data necessary to create and use the account for children under 13, consistent with the Children's Online Privacy Protection Act (COPPA). Parents can review and delete their child's data, and can refuse further collection, by contacting us or using the Microsoft Family Safety features.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates COPPA (15 U.S.C. §§6501–6506) and FTC COPPA Rule (16 C.F.R. Part 312), requiring verifiable parental consent before collecting personal information from children under 13 (FTC enforcement); GDPR Art. 8 and recital 38 (age of digital consent, 16 years unless member state sets lower, minimum 13); UK GDPR and ICO Age Appropriate Design Code (requiring 'best interests of the child' standard for all products likely accessed by under-18s); and CCPA/CPRA §1798.120 (opt-out rights for minors under 16). Enforcement by FTC (COPPA), EU DPAs, and ICO.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC has primary COPPA enforcement authority over the collection of personal data from children under 13 by online services operators.
    File a complaint →

Applicable regulations

EU AI Act
European Union
BIPA
Illinois, USA
CCPA/CPRA
California, USA
COPPA
United States Federal
CAN-SPAM
United States Federal
DMA
European Union
FCRA
United States Federal
GDPR
European Union
GLBA
United States Federal
HIPAA
United States Federal
TCPA
United States Federal
UK GDPR
United Kingdom

Provision details

Document information
Document
Microsoft Privacy Statement (Legacy)
Entity
Microsoft
Document last updated
March 5, 2026
Tracking information
First tracked
April 28, 2026
Last verified
April 28, 2026
Record ID
CA-P-002499
Document ID
CA-D-00001
Evidence Provenance
Source URL
https://www.microsoft.com/en-us/privacy/privacystatement
Wayback Machine
View archived versions →
SHA-256
9e697464d17b7148c787f07099c60e30370abb2b13a7f2a910f607e31ec13158
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Privacy Statement (Legacy) | Record: CA-P-002499
Captured: 2026-04-28 08:11:57 UTC | SHA-256: 9e697464d17b7148…
URL: https://conductatlas.com/platform/microsoft/microsoft-privacy-statement-legacy/childrens-data-collection-and-parental-consent/
Accessed: April 29, 2026
Classification
Severity
High
Categories
Data collection

Other provisions in this document

Related Analysis