Implementation of the GDPR by Microsoft

8.5.2018

Question for written answer E-002530-18
to the Commission
Rule 130
Kathleen Van Brempt (S&D)

In application of the General Data Protection Regulation (GDPR), Microsoft is blocking access to the Microsoft accounts of children under the age of 13, with the result that they can no longer play the games that they are accustomed to.

Children regain access only after they have received permission from one of their parents. That is a correct application of the GDPR. However, if parents wish to give that permission, Microsoft asks them to pay half a euro.

Even that is a common practice, used to check whether the person concerned is a real person and is genuinely an adult. However, it is also common practice to refund the half a euro. Instead, Microsoft places it in your ‘Microsoft wallet’. It can therefore only be spent on Microsoft products.

1. Is this a correct approach?

2. Is it permissible for companies to charge their customers in order to comply with the GDPR?

3. If not, will the Commission impose penalties, and must these sums be repaid?