On December 19, 2022, Epic Games, Inc. (“Epic Games”), one of America’s largest video game and software companies, announced that it reached a settlement with the U.S. Federal Trade Commission (“FTC”) that will require it to pay a total of $520 million dollars to resolve allegations of Epic Games’ violating federal privacy law and engaging in other unfair and deceptive privacy practices related to its popular video game known as Fortnite. The settlement involves two separate record-breaking amounts related to FTC enforcement actions.
First, Epic Games is required to pay a $275 million monetary penalty for allegedly violating the Children’s Online Privacy Protection Act (“COPPA”), which is the largest penalty the FTC has ever imposed for an alleged violation of a privacy-related rule. Under COPPA, companies are required to obtain verifiable parental consent before collecting personal information from children under the age of 13. According to the FTC’s allegations against Epic Games[1], Epic Games was aware that many children under the age of 13 were playing its popular Fortnite video game and yet, Epic Games collected personal information from such children without first obtaining parents’ verifiable consent. Moreover, the FTC alleged that Epic Games also instituted unfair default settings in its voice-chat and text chat communication features that resulted in harm to children and teens, including threats and sexual harassment. After learning of the allegations, Epic Games initially resisted calls to remove the voice-chat function from its default features and once the option to turn off the feature was implemented, it remained difficult to locate within the game. In addition to the monetary penalty, the FTC’s consent order will prohibit Epic Games from enabling voice and text chat communications for children and teens unless parents provide affirmative consent, require Epic Games to establish a comprehensive privacy program addressing the issues identified in the FTC’s complaint and require Epic Games to obtain regular, independent audits, among other things.
Second, Epic Games is required to pay $245 million dollars as a refund to individual consumers for the illegal dark patterns[2] and billing practices Epic Games allegedly engaged in with its popular Fortnite video game. In particular, the FTC filed a separate administrative complaint with the FTC that contained complaints of Epic Games using dark patterns to trick players into making unwanted purchases and, more specifically, allowing children to incur substantial unauthorized charges without any parental involvement.[3] In particular, the FTC found that Fortnite’s configurations allowed children (and other users) to incur charges simply by pressing buttons to wake the game up from sleep mode or pressing adjacent buttons in trying to preview certain items. Moreover, the FTC’s complaint states that until 2018, Epic Games permitted children to make in-game purchases by simply pressing buttons with no parental or card holder action or consent required before the purchases would be valid. The FTC also alleged that Epic Games subsequently ignored more than one million complaints it received from Fortnite users as well as repeated internal concerns about incorrect or unauthorized charges, and that if any Fortnite user disputed such charges with their credit card companies, Epic Games would then lock the user’s entire account, resulting in lost access to all prior in-game purchases.
The FTC’s enforcement action against Epic Games for the above-described practices serves as a reminder to all companies doing business in the U.S. that the privacy of its consumers, including children, is a serious matter. In fact, FTC Chair Lina Khan reiterated that “[p]rotecting the public, and especially children, from online privacy invasions and dark patterns is a top priority” for the FTC and the enforcement actions brought against Epic Games “make clear to businesses that the FTC is cracking down on these unlawful practices.”[4]
If you are concerned about or would like to have a Varnum Data Privacy & Mobility attorney review your company’s privacy practices as it relates to the applicable laws or privacy practices referenced above, please contact a member of Varnum’s Data Privacy Team.
20444557
[1] Complaint, Case No. 5:22-CV-00518, U.S. Federal Court of the Eastern District of North Carolina, available at https://www.ftc.gov/system/files/ftc_gov/pdf/2223087EpicGamesComplaint.pdf.
[2] See here for a discussion by Varnum Attorneys of “dark patterns”:https://www.varnumlaw.com/insights/trends-in-data-privacy-regulation-dark-patterns/.
[3] Complaint, Case No. 192-3203, FTC Commission, available at https://www.ftc.gov/system/files/ftc_gov/pdf/1923203EpicGamesComplaint.pdf.
[4] Federal Trade Commission, Fortnite Video Game Maker Epic Games to Pay More Than Half a Billion Dollars over FTC Allegations of Privacy Violations and Unwanted Charges, (December 19, 2022) available at https://www.ftc.gov/news-events/news/press-releases/2022/12/fortnite-video-game-maker-epic-games-pay-more-half-billion-dollars-over-ftc-allegations.