Epic Games to Pay 520 Million Dollars over FTC Allegations of Child Privacy Violations and Unwanted Charges

16.03.2023

The US Federal Trade Commission ("FTC"), in a recent decision regarding Epic Games Inc. ("Epic Games"), the developer of the game Fortnite, has determined that obligations arising from the Children's Online Privacy Protection Act ("COPPA") have been violated. COPPA is a federal law that regulates the online information and privacy of children under the age of 13 and gives parents control over the information collected from their children online. The FTC has ordered Epic Games to pay a total of $520 million: $275 million in fines for violating COPPA and using design tricks known as "dark patterns" to steer millions of users towards unwanted purchases, as well as $245 million in refunds.

As a result of its investigations, the FTC has drawn attention to the following points.

Insufficient Parental Permission

Based on its investigations into Fortnite, including the licensing and marketing processes for Fortnite toys and the company's communication channels, the FTC concluded that Epic Games is aware that children under the age of 13 play Fortnite. It also determined that the personal data of children under the age of 13 is processed without appropriate parental consent, and that the game does not provide parents with appropriate tools to request the deletion of their children's personal data.

Default Privacy Settings That May be Harmful to Children and Youth

The default settings within Fortnite allow users to engage in written and verbal communication. The decision states that sensitive age groups among Fortnite users, such as children, may be harmed by these settings because they are matched with strangers. Additionally, the FTC found that children and teenagers have been subjected to bullying, threats, and dangerous and psychologically traumatic situations such as suicide. Although the developer placed a button in the game in early 2017 to disable voice communication, it was deemed insufficient to protect children's privacy rights because it was not easily accessible to users.

As a result of all these evaluations, Epic Games was obligated to fulfill the following in addition to paying a fine of 275 million dollars for violating COPPA:

  • Parental consent must be obtained to store children's personal data, and personal data processed inappropriately without prior parental consent must be destroyed.
  • The default settings that allow written and voice communication should be changed to "closed"; written and voice communication must not be enabled for users under 13 unless their parents give consent through the privacy setting, and must not be enabled for users over 13 unless they give their own consent through the privacy setting.
  • A comprehensive privacy program that addresses the issues identified by the FTC should be established, and regular and independent audits should be conducted within Epic Games.

Encouraging Unwanted Purchases

Epic Games was fined for using design techniques called "dark patterns" to direct users to unwanted purchases, for allowing children to make unauthorized purchases within the game without parental or cardholder permission, and for blocking the accounts of users who complained about unauthorized payments without fulfilling their requests. In addition, Epic Games has been instructed not to do the following:

  • Charge users by using "dark patterns",
  • Request payment from users without obtaining their consent,
  • Block the accounts of users who dispute unauthorized payments.

As a result, the FTC, as in previous cases involving Amazon and Apple, has drawn attention to the use of "dark patterns" to facilitate unauthorized in-app purchases and to important points regarding children's privacy rights. It can be argued that online service providers need to take more serious measures to prevent violations of children's privacy rights and unauthorized purchases on online platforms. Otherwise, we can expect to continue to see high fines for such violations.


Tagged with: Kavlak Law Firm, Burak Bayrak, Özge Keskin, Data Protection, Data Privacy
