Epic to Pay $520M to Settle FTC Children's Privacy Allegations
Epic Games violated children’s privacy law and used dark patterns to trick millions of gamers into making unintentional purchases, the FTC said Monday in a record-breaking $520 million settlement with the Fortnite creator.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Epic will pay $275 million for violating the Children’s Online Privacy Protection Act as part of a proposed order DOJ filed in federal court, and $245 million for the gaming charge allegations, the agency said. The agency said $275 million is the largest penalty ever recouped for violation of an FTC rule, and $245 million is the agency’s largest refund in a gaming case. Epic, a North Carolina-based company with more than 400 million global users, accepted the agreement because it wants to be at the “forefront of consumer protection,” the company said in a statement. Epic said statutes “written decades ago don’t specify how gaming ecosystems should operate. The laws have not changed, but their application has evolved and long-standing industry practices are no longer enough.”
Epic “used privacy-invasive default settings and deceptive interfaces that tricked Fortnite users, including teenagers and children,” said FTC Chair Lina Khan in a statement. “Protecting the public, and especially children, from online privacy invasions and dark patterns is a top priority for the Commission, and these enforcement actions make clear to businesses that the FTC is cracking down on these unlawful practices.”
The commission voted 4-0 to approve the agreement. Commissioner Christine Wilson issued a concurring statement, saying she’s “comfortable” with the FTC’s use of its unfairness authority in the case and supports the agreement’s “groundbreaking injunctive relief requiring privacy-protective settings for children and teens.” Wilson said she has “reason to believe that Epic Games knew that its products and/or services presented a substantial risk of harm and did not take simple steps to address that risk.” The agency said the agreement includes a “first-of-its-kind provision” requiring Epic to “adopt strong privacy default settings for children and teens, ensuring that voice and text communications are turned off by default.”
Epic knew “many children” were playing Fortnite and collected personal information on the children without obtaining parental consent, the agency alleged. Epic enabled text and voice communications to be turned on by default, the agency said: This along with Epic matching young users with strangers to play Fortnite exposed children to bullying, threats, harassment and psychological harm including suicide, the agency said. The FTC said Epic employees warned the company as early as 2017 to “change the default settings to require users to opt in for voice chat.”
The company’s dark pattern tactics led to hundreds of millions of dollars in unauthorized charges for users, the agency said. It detailed one example in which “players could be charged while attempting to wake the game from sleep mode, while the game was in a loading screen, or by pressing an adjacent button while attempting simply to preview an item.” The company allowed children to rack up gaming purchases without parental consent, which is similar to activity in cases against Amazon, Apple and Google for in-app purchases, the agency said. The FTC alleged Epic locked users out of their purchased content during disputes and warned users they “could be banned for life if they disputed any future charges.”
“We share the underlying principles of fairness, transparency and privacy that the FTC enforces, and the practices referenced in the FTC’s complaints are not how Fortnite operates,” the company said. “We will continue to be upfront about what players can expect when making purchases, ensure cancellations and refunds are simple, and build safeguards that help keep our ecosystem safe and fun for audiences of all ages.”
“Firms cannot put growth and revenue over the safety and privacy of their users, especially children and teens,” Khan tweeted.
The lawsuit “proves we need stronger online privacy protections for children and teens,” said Senate Commerce Committee Chair Maria Cantwell, D-Wash., in a statement. “Kids were bullied, harassed, and threatened because Epic designed its games to let them communicate with strangers from all over the world. It’s time for Congress to step up for kids and protect them from online harms and to make sure we have a stronger FTC to enforce against bad actors.”
“An entire ecosystem of companies is monetizing young people’s attention and manipulating them as part of their business model,” said Sen. Ed Markey, D-Mass., in a statement. He urged Congress to pass legislation to update how regulators handle children’s and teens’ privacy. Cantwell, Markey and Sens. Marsha Blackburn, R-Tenn., and Richard Blumenthal, D-Conn., have been trying to attach children’s privacy provisions to Congress’ omnibus spending bill. Blackburn’s office told us last week she and Blumenthal “have spoken to leadership, as have the families and young people, about moving the Kids Online Safety Act forward this year through all viable legislative paths.” Markey is pushing for provisions from his Children and Teens’ Online Privacy Protection Act (COPPA 2.0) in must-pass omnibus legislation.
Platforms that cater to younger users have a responsibility “not to target them with deceptive interfaces that manipulate them into ceding their personal information or making unwanted purchases,” Senate Intelligence Committee Chairman Mark Warner, D-Va., said in a statement. He urged passage of his Deceptive Experiences to Online Users Reduction (Detour) Act (see 2207270057).