Fortnite developer, Epic Games, was charged a whopping $275,000,000 penalty in settlement fees in violation of federal children’s privacy rules. In addition, another $245,000,000 will be paid to consumers for exploiting manipulative practices in their billing process. This is the largest administrative order ever to be issued by the FTC.
“As our complaints note, Epic used privacy-invasive default settings and deceptive interfaces that tricked Fortnite users, including teenagers and children,” said FTC Chair Lina M. Khan. “Protecting the public, and especially children, from online privacy invasions and dark patterns is a top priority for the Commission, and these enforcement actions make clear to businesses that the FTC is cracking down on these unlawful practices.”
Background
Epic Games is the developer of the popular online video game Fortnite. Through the Fortnite gaming platform, Epic pairs children and teens with strangers worldwide, encouraging real-time communication by offering default-on settings fo voice and text chat features.
Fortnite is for all intents and purposes targeted to children, yet Epic failed to comply with COPPA’s rules for parental notice, consent, review, and deletion requirements.
In truth, Epic has improved its practices, but those changes have not remedied its violations of the law. The parental controls and privacy practices Epic has introduced have not meaningfully alleviated the harm done or reasonably empowered consumers to choose to avoid the infringement of their privacy rights.
According to the documentation provided by the FTC, the defendant continuously collected, used, and disclosed personal information from children younger than age 13 in violation of the COPPA rule by:
- Failing to provide notice on its website or online service of the information it collects online from children, how it uses such information, and its disclosure practices, among other required content
- Failing to provide direct notice to parents of the information it collects online from children, how it uses such information, and its disclosure practices for such information, among other required content
- Failing to obtain consent from parents before any collection or use of personal information from children
- Failing to provide, at the request of parents, a means of reviewing any personal information collected from children
- Failing to delete, at the request of parents, personal information collected from children
Ultimately, Epic’s pairing minors with strangers has caused substantial harm that was not reasonably avoidable by consumers. Victims have been bullied, threatened, and harassed within the gaming platform.
Back on Capitol Hill, there is a mounting need that feeds growing interest in an overhaul of privacy law, especially as the law applies to children.
