Just in time for the holidays, the FTC has released two companion settlements resolving allegations that Epic Games (maker of the popular video game Fortnite) violated the Children’s Online Protection Act (COPPA) and the FTC Act, with Epic to pay $520 million in penalties and consumer redress. The cases build on existing FTC law and precedent but add new dimensions that should interest a wide array of companies subject to FTC jurisdiction.
Notably, the first case alleges COPPA violations (compromising the privacy and safety of users under 13) but adds allegations that Epic violated teens’ privacy and safety, too. And the second case alleges unauthorized in-app purchases – not just by kids, which was the focus of earlier FTC cases, but by users of all ages. Both cases rely on unfairness theories in extending their reach. Both incorporate the (now ever-present) concept of dark patterns (generally defined as practices that subvert or impair user choice). And both got a 4-0 Commission vote, with a strong concurrence from Republican Commissioner Wilson explaining her support for the FTC’s use of unfairness here. Neither case names any individuals.
The privacy case
The FTC’s privacy case alleges that, for over two years following Fortnite’s launch in 2017, Epic allowed kids to register with no parental involvement, and for kids and teens to play the game with features enabling them to communicate in real time with anyone on the platform. According to the FTC, these practices subjected kids and teens to bullying, harassment, threats, and “toxic” content, including “predators blackmailing extorting, or coercing children and teens…into sharing explicit image or meeting offline for sexual activity.” Further, says the FTC, Epic knew about these problems, resisted fixing them and, when it finally took action, added controls that were hard to find and use, and failed to cure the violations.