Child playing Fortnite, a game by Epic Games, on a mobile phone showing dark patterns and COPPA violations

Fortnite Maker Epic Games Hit With $520 Million in Fines, in Part for COPPA Violations

Epic Games has been in the news for its protracted legal battle with Apple over the alleged monopoly power it wields via its App Store, but the Fortnite maker is dealing with its own regulatory issues that now include a major fine for Children’s Online Privacy Protection Act (COPPA) violations.

The Federal Trade Commission has assessed Epic a total of $520 million in penalties, roughly divided between COPPA violations and the use of “dark patterns” to trick players into making in-game purchases. The fine is the largest ever levied by the FTC for violating these rules, and Epic is additionally being ordered to refund impacted customers and to make changes to its default privacy settings.

Fortnite maker fined over child privacy invasions and dark patterns

The fine for the COPPA violations was $275 million, with an additional $245 million for the dark patterns. The fines are the largest issued by the FTC short of the $5 billion civil penalty issued to Facebook for privacy violations in 2019. Both of the cases stemmed from complaints filed in North Carolina.

Much of the $245 million penalty will be going to refunds to gamers (of all ages) that may have been duped into in-game purchases by the Fortnite maker. The FTC said that these fines stemmed from the “counterintuitive, inconsistent, and confusing” button configuration that could cause charges to be issued with just a single button press. It was possible for this to happen in situations in which making a purchase would not be reasonably expected, such as waking the game from “sleep mode” or during a loading screen. The FTC says that hundreds of millions of dollars were collected via purchases that the player may not have intended to make.

FTC Chair Lina M. Khan said in a statement that the software default settings were “privacy-invasive,” and minors will now have voice and text communications turned off by default when using the platform. Having them enabled by default was found to be a violation of the FTC Act’s prohibition against unfair practices, specifically protections for those age 13 or younger. The Fortnite maker allowed minor players to be automatically matched with older gamers, providing unknown adults with direct lines of communication to them.

The chat issues were not the only component of the COPPA violations, however. The FTC said that the Fortnite maker was well aware that much of its player base consisted of minors, as demonstrated by its assorted marketing campaigns that focused on children. Nevertheless, it collected personal information that it should not have from all players without filtering by age, and when parents attempted to have this personal information deleted they were put through an onerous series of hoops and in some cases the requests were never honored.

An element that contributed to the large fine amount was records of Epic employees raising concerns about the way default settings were handled for minors, which dated back to 2017. The company also fielded reports of minors being harassed via chat while playing, including sexual harassment, but responded only by adding a button for turning off voice chat that was described as “difficult to find.”

Teenagers will be able to re-enable in-game chat under the new rules, but players age 13 or under will need to obtain parental consent to use the chat features. Epic faces independent regular audits to ensure the terms are being followed, and the FTC has indicated that child protection online is a top priority going forward.

COPPA violations, loose “V-Bucks” system end up costing Epic

It is unclear exactly how the Fortnite maker will handle refunds to players as of yet, but the focus appears to be on child players that were too easily able to purchase “V-Bucks” using a parent’s linked payment method due to the way the platform had the buttons set up.

The FTC cited complaints in which children “pressing buttons” had unwittingly racked up hundreds of dollars in charges on a parent’s card before they noticed that something was amiss. This aspect should not have come as a surprise to the Fortnite maker, as the FTC has an established history of fining tech companies for similarly making it too easy for kids to charge stored payment methods while playing mobile device games: Apple and Google were hit for multimillion-dollar settlements in 2014, and Amazon was similarly fined in 2017.

In addition to the COPPA violations, Epic was further cited for retributive activity against parents that challenged these charges, saying that they were sometimes threatened with an account lockout for filing disputes with their credit card company. And when Epic decided to reverse charges, it was sometimes accompanied by a warning that the user might be banned from the platform for contesting any future charges.

The FTC has assessed Fortnite maker Epic a total of $520 million in penalties, roughly divided between #COPPA violations and the use of #darkpatterns to trick players into making in-game purchases. #privacy #respectdataClick to Tweet

While these fines have not always been large enough to dissuade the giant tech firms, the Fortnite maker is not nearly as well-funded as the likes of Apple and Facebook. While it will not likely put Epic out of business, the fine represents a significant chunk of the company’s expected annual revenue of about $9.5 billion from Fortnite in-game purchases and the Epic Games digital download platform.

Epic has provided a public response on the FTC settlement.