Securiti announces a $75M Series C Funding Round
ViewThe developer of the popular video game Fortnite, Epic Games, Inc., has agreed to pay a whopping $520 million fine to the Federal Trade Commission (FTC). The settlement follows FTC’s allegations that the company violated the Children’s Online Privacy Protection Act (COPPA) and misled millions of players into making unintentional in-game purchases through the use of dark patterns.
This settlement could have far-reaching consequences for the video games industry, as it sets a precedent for how online platforms should refrain from using dark patterns and only collect children’s data if authorized through parental consent. It could also encourage regulatory bodies in other jurisdictions to take a closer look at the practices of various digital platforms, especially those belonging to the video game industry.
In 2020, the FTC filed a complaint against Epic Games in federal court, alleging that the company violated COPPA by collecting personal information from children under 13 without notifying their parents or obtaining the parent’s verifiable consent. FTC also alleged that Epic violated the prohibition against unfair practices as imposed under FTC Act by enabling live voice and text communications for children and teenagers by default.
In a separate administrative complaint, FTC also alleged that Epic used dark patterns, such as “counterintuitive, inconsistent, and confusing button configuration” to manipulate users into making unwanted purchases. Moreover, FTC highlighted that Epic let children make in-app purchases while playing Fortnite, without any parental involvement or consent. Epic allegedly locked the accounts of users who complained to their credit card companies about the unauthorized charges. Even after unlocking such accounts, Epic cautioned consumers that if they contested any subsequent charges, they risked having their accounts permanently locked and consequently losing access to all purchased content. The FTC further stated that Epic deliberately obscured the cancel and refund features to make them more difficult to detect.
As a result of FTC’s action against Epic, two separate settlements set records:
In addition, Epic will be obliged to provide robust privacy default settings for children and teenagers, guaranteeing that voice and text communications are disabled by default. This is a first-of-its-kind requirement.
The $275 million penalty is the largest penalty ever obtained for violating an FTC rule. The $245 million refund is the FTC’s largest refund amount in a gaming case and its largest administrative order in history. This demonstrates a major shift in the regulatory landscape and signifies the willingness of regulators to impose non-compliance penalties.
According to the FTC:
"Protecting the public, and especially children, from online privacy invasions and dark patterns is a top priority for the [Federal Trade] Commission, and these enforcement actions make clear to businesses that the FTC is cracking down on these unlawful practices.”
In the proposed federal court order against Epic Games, amongst other directives, the following injunctions were made:
The rules applicable to digital interfaces, including online gaming platforms, are continually evolving, necessitating the re-evaluation of practices employed by game developers and other businesses. Businesses must ensure they are complying with evolving laws to steer clear of hefty penalties. In this regard, following are some tips for game developers subject to the COPPA to help them avoid non-compliance penalties:
The digital landscape is radically evolving, especially in light of recent technological advancements and concerns post-Covid-19 pandemic. It reveals that governments and regulators are beginning to see data privacy as a fundamental human right. Therefore, the need to protect consumers’ data, especially that of minors, has never been more crucial.
Securiti’s Data Controls Cloud framework enables organizations to discover dark patterns, protect data systems, establish sensitive data intelligence, govern access to sensitive data, analyze the impact of data breaches and respond promptly, automate individual data requests, automate data privacy obligations, analyze data lineage, and so much more.
Request a demo to see Securiti in action.
Get all the latest information, law updates and more delivered to your inbox
March 16, 2023
On March 2, 2023, the Biden-Harris administration announced its National Cybersecurity Strategy1 to secure the full benefits of a safe and secure digital ecosystem...
March 15, 2023
With the proliferation of data protection regulations globally over the last decade, organizations have been under unprecedented scrutiny regarding their resolve to ensure their...
March 13, 2023
The California Privacy Rights Act (CPRA) came into effect on January 1, 2023, formally amending and expanding the erstwhile California Consumer Privacy Act (CCPA)....
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
[email protected]
3031 Tisch Way Suite 110 Plaza West, San Jose,
CA 95128