The Federal Trade Commission, in response to allegations that Epic Games violated the Children's Online Privacy Protection Act (COPPA) and used dark patterns (UI design tricks to deceive users) to trick players into making purchases, the company has agreed to pay fines and refunds totaling $520 million The company agreed to pay a total of $520 million in fines and refunds.

The settlement is twofold: Epic will pay a $275 million fine for violations of COPPA rules, the largest fine ever imposed for violations of FTC rules. As part of the agreement, Epic will also adopt "strong privacy default settings for children and teens," turning off voice and text communications by default.

The second part of the agreement is for Epic to pay $245 million to refund consumers affected by Fortnite's "dark patterns and billing practices," the largest refund ever obtained by the FTC in a video game matter. [FTC Chair Lina M. Khan said, "As our complaint states, Epic used default settings that violated privacy and a deceptive interface that fooled Fortnite users, including teenagers and children. Protecting the public, especially children, from online privacy violations and dark patterns is a top priority of the Commission, and this enforcement action is a clear signal to companies that the FTC is cracking down on these illegal practices."

The FTC has filed two separate complaints in federal court against Epic, first alleging that Epic, through Fortnite, "collected personal information from children under the age of 13 who played Fortnite, an online service for children, without notifying their parents or obtaining their verifiable consent . without notifying the parents or obtaining verifiable parental consent. It also alleged violations of the FTC Act's prohibition against unfair practices "by enabling real-time voice and text chat communications for children and teens by default." [The FTC stated that Epic knew that a large portion of the audience for "Fortnite" was children and did not take this seriously enough (obviously paraphrasing). Epic also stated that it "required parents who requested that their children's personal information be removed to follow unreasonable procedures, sometimes failing to comply with such requests."

This is exactly the kind of thing that should really set off alarm bells for regulators: the FTC also found that, along with the nature of the game, which matches players with strangers, the default settings are such that children and teens "may be bullied, threatened, or harassed, and may be at risk of suicide or other harm while playing Fortnite and exposed to psychological traumatic issues" while playing Fortnite.

Interestingly, one of the key pieces of evidence was Epic's own concerns: according to the FTC filing, as early as 2017, Epic employees had raised concerns internally about audience composition and default settings: "The company resisted turning off default settings. And while it eventually added a button that allowed users to turn off voice chat, Epic made it difficult for users to find it."

A darker side of the pattern is whether Fortnite tricked players into making purchases: the FTC found that thanks to "counterintuitive, inconsistent, and confusing button configurations," when launching the game from sleep mode, within loading screens, when previewing items The FTC also stated that the "counter-intuitive, inconsistent, and confusing button configuration" could cause players to be charged for pressing a single button, such as when starting the game from sleep mode, during the loading screen, or when trying to preview items.

Another contributing factor was that until 2018, checks for purchasing V-Bucks, Fortnite's in-game currency, were lax, allowing children to purchase V-Bucks once their accounts were linked to a payment method without their parents noticing. Similar claims have been brought against other major tech companies, most notably Apple and the App Store, in different contexts.

There is more. The FTC alleged that Epic, through its credit card company, locked the accounts of customers who disputed such charges directly, resulting in the unavailability of previously purchased content; even if Epic agreed to unlock their accounts, users were apparently warned that they risked being permanently banned from their accounts if they disputed the charges. The company "ignored" over a million user complaints and internal warnings and, according to the FTC, "intentionally obscured and made difficult to find cancellation and refund features."

Under the settlement accepted by the FTC, Epic will be barred from blocking customers who dispute fraudulent billing and will be prohibited from using dark patterns. Epic would also be required to seek affirmative consent before billing users. The proposed agreement will be published in the Federal Register in the coming days and will be open for public comment for 30 days.

This is a lot of information and a fair amount of background needs to be given before we get into Epic's response: first, this is almost a historic action; Epic has clearly improved its behavior in some respects and also dealt with successes that it was neither anticipating nor prepared for; second, Epic is a company that has been in the business for a long time and has been very successful. I must say. This does not excuse areas of unethical behavior such as the Dark Pattern, but the fact that the FTC and Epic have reached an agreement rather than going the adversarial route suggests that the publisher has realized, belatedly, that it made a mistake.

Epic's response comes in a statement announcing the settlement, preceded by an explanation of why this happened and what it plans to do about it.

"No developer creates games with the intention of ending up here," Epic's statement said, adding that the gaming industry is a fast-moving and innovative space, with "statutes [written decades ago] that do not specify how the gaming ecosystem should operate." He stated that it was just ahead of its time. The law has not changed, but its application has evolved, and longstanding industry practices are no longer sufficient."

Epic outlines several ways in which payment and reimbursement systems have changed, some changes made years ago, others more recently. This includes a "purchase hold" system to prevent users from accidentally making one-click purchases. Regarding the banning of accounts that dispute charges through their bank, Epic states that it has changed its chargeback policy to "consider scenarios that are not fraud-related and only disable accounts when fraud indicators are present." Under this policy, Epic stated that it has restored "thousands" of accounts that were previously banned.

Regarding the children's privacy aspect, Epic noted that "developers who create teen or mature rated games can no longer assume that they are not considered child-oriented in accordance with the U.S. Children's Online Privacy Protection Act (COPPA)." In other words, Fortnite is not a rated game. In other words, Fortnite was rated Teen and was intended for an older age group, but what was found was younger than expected.

In addition, newer measures are enumerated, including "Cabined" accounts for users under 13 and new default communication settings; Epic's list of youth-oriented features in Fortnite now includes:

The publisher notes that "the old status quo regarding in-game commerce and privacy has changed, and many developers' practices should be reconsidered." There is also a slight sense that Fortnite, as a gaming giant, is being held accountable not only for its own games, but for the broader industry. Fortnite is not the only title attracting young players and many children, but it is a symbolic example at this point, and Epic's statement makes it clear that other developers should view this example with extreme caution.

Tim Sweeney, Epic's CEO, has expressed vague resentment on social media that Epic was held responsible for the [The settlement] reflects cutting-edge U.S. regulatory practices, such as applying principles similar to the U.K.'s Age Appropriate Design Code to voice chat defaults, so developers need to look into this topic more closely," Sweeney said. In-app purchases are another hot topic, with "Affirmative Express Consent" strictly required for charges made with both real money and paid virtual currency.

The world's tiniest violin is now being played for Epic. The publisher may be right about elements of the FTC's complaint, but it is also being used as an example to push for the broader industry changes that regulators want. Other firms will be watching the magnitude of this settlement, and many development studios will be holding meetings tomorrow morning about default account settings and microtransaction pathways.

While the bottom line may ultimately be hurt, Epic has the money and the FTC ruling will not hurt Fortnite's popularity. The publishers are right that the gaming industry, through no fault of its own, has outpaced regulators and must deal with a decade-old statute that never envisioned an entertainment product like Fortnite. But as this shows, just because you are temporarily ahead doesn't mean you won't eventually catch up.