The multiplayer shooter Fortnite is a breakout hit among teens and children and a cultural phenomenon that has kids “flossing” everywhere they go. Yet this colorful and inviting beast apparently hides a sinister underbelly. After an investigation, the FTC has found Epic Games in violation of the Children’s Online Privacy Protection Act (COPPA).
Epic Games has agreed to pay more than half a billion dollars in combined fines for privacy violations and predatory practices in Fortnite. This is the largest fine COPPA has issued to date. This level of punishment is unprecedented, and has sent shockwaves through the gaming industry. Some fear, while others celebrate, this may indicate a greater shift in the industry as legislation tightens around privacy concerns and technological practices.
This isn’t the first time US legislation has stepped in to regulate the gaming industry, as legislators have cracked down on loot boxes, ESRB ratings, and enacted game bans in the past.
Epic Games Accused: What Did the Company Do, Exactly?
The two fines making up this massive penalty address the privacy and billing concerns separately. Split up, Epic Games has to pay $275 million for violating children’s privacy, and another $245 million for trickery charges. The FTC has ordered Epic Games to pay the second fine in the form of refunds to customers who were affected by its billing practices.
While it has agreed to pay the fines, Epic Games maintains its innocence and says it has started implementing changes to Fortnite.
Violating Childrens’ Privacy and Safety
The FTC’s complaint against Epic Games claims the company contravened COPPA by collecting personal information from Fortnite players aged 13 and under. The company collected this sensitive information without parents’ consent and didn’t notify them it was collecting this information either. In the legal complaint it filed, the FTC claims Epic Games made it difficult for parents to have their children’s data deleted and failed to honor some requests entirely.
A big part of the complaint is the federal agency’s issue with Fortnite having real-time voice and text chat communications on by default. It claims these should be automatically disabled for accounts used by children. The FTC also claims Fortnite paired children with adult strangers in online matchmaking who subjected them to threats, bullying, and harassment.
A statement from the FTC adds children were exposed to “dangerous and psychologically traumatizing issues such as suicide while on Fortnite.” Right now, this is a weighted statement as public concern grows over the mental health risks online games pose to children and teenagers.
Apparently, complaints from players and employees spurred Epic Games to add a mute button for voice chat, but made it difficult to find. Those aren’t the only deceptive layout choices the FTC has accused Fortnite of making.
Using Dark Patterns to Trick People Into Purchases
It’s become common to hear about children who have cost their parents hundreds of dollars in charges in online games like Fortnite. Usually, these charges can’t be reversed. The UK’s Digital, Culture, Media and Sport Committee held a parliamentary hearing on immersive and potentially addictive technologies in 2019 involving Fortnite about this specific issue. In its response, Epic Games said it doesn’t apply an age verification process.
Despite that claim, it’s common knowledge Fortnite’s player base skews towards the younger side. This apparently also hasn’t stopped Epic Games from implementing a counterintuitive and inconsistent layout which led to unintended purchases with the click of a button. According to the FTC’s complaint, this meant players could accidentally incur charges while activating the screen from sleep mode or during a loading screen, for example.
Regulators are accusing Epic Games of making use of dark patterns to trick users into making these purchases. Dark patterns is a design methodology where a developer creates a user interface with the intent to trick them into doing something they didn’t necessarily want. This type of manipulation is naturally especially effective on children, who are more easily taken in.
The complaint also says Epic Games used manipulative tactics to deter players from canceling unauthorized charges or requesting refunds. These unwanted charges on Fortnite have allegedly cost consumers hundreds of millions of dollars.
Protecting the public, and especially children, from online privacy invasions and dark patterns is a top priority for the commission. This makes clear to businesses that the FTC is cracking down on these unlawful practices.FTC Chair Lina M. Khan
Epic Games Denies Wrongdoing… but Settles Fine Payment
Epic Games has introduced some parental controls and privacy features since it launched Fortnite in 2017. This includes a feature requiring players under 13 in the UK to obtain verified consent from a parent in 2021. Regulators claim these changes aren’t enough to empower players to avoid harm.
According to a statement from Epic Games, the company didn’t intend to create a game that is harmful to its players. “No developer creates a game with the intention of ending up here,” it says. The statement goes on to say the company accepted the fine and proposed settlement because it wants to “be at the forefront of consumer protection and provide the best experience for our players.”
The settlement requires the company to adopt high-privacy settings for children and teenagers by default. This includes automatically turning off live text and voice chat — a requirement the FTC hasn’t made of any company before.
According to Epic Games, it’s already busy implementing these features, with the introduction of a new type of account for younger users called “cabined accounts.” This modified account type disables both live chat and in-app purchases by default. It then requires a parent’s email address before a player can turn the features on again.
Epic Games says it will automatically select cabined accounts for players who indicate they are under 13 (or the age of consent in their country).
Countries are Trying to Strengthen Protective Legislation
While more legislative oversight is necessary to protect consumers from abusive techniques like dark patterns, most measures, like these fines, are reactionary not preventative. Companies who are willing to implement privacy violating measures (or shady practices like dark patterns) are often willing to take the risk.
Epic Games is now out $520 million in fines, but it’s likely the company made much more than that through these practices. In 2021 alone, Epic Games made $5.7 billion in revenue – half a billion dollars is a drop in the proverbial bucket. It certainly wouldn’t be much of a deterrent for Epic Games or similar companies to continue applying underhanded practices.
What does this mean? More precautionary measures are necessary, not just from legislators, but also from consumers. If your child is playing online games, you can take steps to protect them from cyberbullies and swatting, as well as secure their privacy.
Along with applying parental controls and monitoring your child’s online activity and conversations, you can use security tools to protect their connection and devices. This includes antivirus software, multi-factor authentication, and a trustworthy VPN.
CyberGhost VPN reroutes your internet traffic through a secure 256-bit AES encrypted tunnel, and it also changes your IP address. This can provide other benefits while playing Fortnite, like protecting your connection from cyber attacks like DDoS or preventing Epic Games from tracking your activity via your IP address.