The Federal Trade Commission’s (FTC) recent children’s privacy enforcement activity leaves no doubt businesses must make complying with the Children’s Online Privacy Protection Act (COPPA) a top priority.

COPPA, which took effect in 2000, prohibits commercial websites and online services from collecting, keeping, using, and disclosing the personal information of children under 13 years old, unless a parent approves.

Earlier this month, the FTC and Department of Justice (DOJ) fined Microsoft $20 million for allegedly violating COPPA through its Xbox video game platform. The agencies alleged from 2015-20 Microsoft collected children’s information, such as full names, email addresses, birth dates, and phone numbers, in the process of setting up their accounts prior to obtaining parental consent and held onto that information even when children didn’t complete the sign-up process.