Epic Games, the maker of Fortnite, has agreed to pay a record-breaking $520 million to settle allegations brought by the Federal Trade Commission (FTC). The FTC had accused Epic of violating the Children's Online Privacy Protection Act (COPPA) and tricking players into making unwanted charges.
In the settlement, Epic will pay a $275 million penalty for violating COPPA and $245 million to refund consumers tricked into making unwanted charges. The FTC's complaint alleged that Epic violated COPPA by collecting the personal information of Fortnite players under the age of 13 without notifying their parents or obtaining verifiable consent from a guardian. Additionally, Epic had enabled real-time voice and text communications for children and teens by default, leading to some players being bullied, threatened and harassed.
In addition to the COPPA violation, Epic was also accused of using “dark patterns and billing practices” to trick players of all ages into making unwanted purchases and letting children amass unauthorized charges without any parental involvement. The FTC said that Epic used the “dark patterns” and unfair billing practices to deceive consumers and will now have to issue refunds of $245 million to consumers affected by the deceptive practices.
In response to the settlement, FTC Chairman Joe Simons said: “This record-setting settlement should make it clear to all companies under an FTC privacy order that they must comply with all aspects of the order or they will face severe consequences.” He also noted that the settlement will “provide strong incentives for companies to take their COPPA obligations seriously.”
The FTC also alleged that Epic locked the accounts of players who disputed unauthorized charges with their credit card companies, meaning they were blocked from accessing any content they had purchased. To address this issue, Epic will now be prohibited from doing this.
Up until 2018, Epic also allowed children to buy Fortnite in-game currency by simply pressing buttons without requiring any parental or cardholder action or consent. Epic will also be prohibited from locking the accounts of players who dispute unauthorized charges with their credit card companies.
The settlement also requires Epic to implement a comprehensive privacy program and to obtain independent privacy assessments every two years for the next two decades. Epic must also notify parents when it collects personal information from their children and obtain verifiable parental consent for the collection and use of personal information.
Conclusion
The record $520 million settlement is a reminder that companies have a responsibility to protect consumers, particularly vulnerable children, from harm. The FTC's action against Epic should serve as a warning to companies that violate consumers' privacy and mislead them into making unwanted purchases.