In two separate record-breaking settlements, the FTC said Epic will pay a $275 million penalty for violating the Children’s Online Privacy Protection Act (COPPA), and $245 million to refund consumers tricked into incurring unwanted charges.
In a federal complaint, the FTC had alleged that Epic violated the COPPA by collecting the personal information of Fortnite players under the age of 13 without notifying their parents or obtaining verifiable consent from a guardian.
It also said that Epic had violated the FTC Act by enabling real-time voice and text communications for children and teens by default, resulting in some players being bullied, threatened, harassed, and exposed to dangerous and psychologically traumatising issues.
Epic will now be prohibited from enabling voice and text communications for children and teens unless affirmative consent is provided through a privacy setting.
In a separate complaint, the FTC alleged that Epic used “dark patterns and billing practices” to trick players of all ages into making unwanted purchases, and let children amass unauthorised charges without any parental involvement.
“Fortnite’s counterintuitive, inconsistent, and confusing button configuration led players to incur unwanted charges based on the press of a single button,” the FTC said.
“For example, players could be charged while attempting to wake the game from sleep mode, while the game was in a loading screen, or by pressing an adjacent button while attempting simply to preview an item.”
Up until 2018, Epic also allowed children to buy Fortnite in-game currency by simply pressing buttons without requiring any parental or cardholder action or consent.
The FTC claimed that Epic ignored more than one million user complaints over players being wrongfully charged.
It also alleged that Epic locked the accounts of players who disputed unauthorised charges with their credit card companies, meaning they were blocked from accessing any content they had purchased. Going forward, it will be prohibited from doing so.
“As our complaints note, Epic used privacy-invasive default settings and deceptive interfaces that tricked Fortnite users, including teenagers and children,” said FTC Chair Lina Khan.
“Protecting the public, and especially children, from online privacy invasions and dark patterns is a top priority for the Commission, and these enforcement actions make clear to businesses that the FTC is cracking down on these unlawful practices.”
In a blog post addressing the FTC settlements, Epic claimed: “No developer creates a game with the intention of ending up here… We accepted this agreement because we want Epic to be at the forefront of consumer protection and provide the best experience for our players.
“Over the past few years, we’ve been making changes to ensure our ecosystem meets the expectations of our players and regulators, which we hope will be a helpful guide for others in our industry.”
It added: “The old status quo for in-game commerce and privacy has changed, and many developer practices should be reconsidered. We share the underlying principles of fairness, transparency and privacy that the FTC enforces, and the practices referenced in the FTC’s complaints are not how Fortnite operates.
“We will continue to be upfront about what players can expect when making purchases, ensure cancellations and refunds are simple, and build safeguards that help keep our ecosystem safe and fun for audiences of all ages.”