Epic Games (Fortnite)
Issued by Federal Trade Commission (FTC) on 2022-12-19
What happened
The FTC ordered Epic Games to pay $275 million in penalties for violating the Children's Online Privacy Protection Act (COPPA) through its massively popular Fortnite game. The FTC found that Epic Games collected personal information from children under 13 without notifying parents or obtaining verifiable parental consent. Fortnite's default settings enabled real-time voice and text communications, exposing children to bullying, threats, and harassment. Epic also used manipulative 'dark patterns' in its item shop that tricked players, including children, into making unwanted purchases. The company made it deliberately difficult to cancel purchases and locked accounts of customers who disputed unauthorized charges with their credit card companies.
Articles violated
Lessons learned
Games and apps popular with children must implement COPPA-compliant age verification and parental consent mechanisms. Default communication settings for minors should be restrictive (off by default). Dark patterns in purchase flows — especially those targeting children — invite regulatory action. Companies must provide easy cancellation and refund processes. The FTC treats manipulation of children as an aggravating factor that leads to significantly larger penalties.
Source
View original decisionDisclaimer: This summary is for informational purposes only and does not constitute legal advice. Refer to the original decision for complete details.
Get enforcement alerts for Technology
We track GDPR fines across Europe. Enter your email to get notified about new enforcement actions.