Epic Games Inc., the studio behind the massively popular Fortnite video game, was issued major fines by the FTC yesterday over alleged violations of the 1998 Children's Online Privacy Protection Act (COPPA).
Hit with two separate fines totaling over half a billion dollars, the company will be forced to pay $275 million for its COPPA violations. That number is the largest penalty ever posted for violating any FTC rule.
COPPA, which notes that children under the age of 13 must receive parental consent before being allowed to partake in data sharing, is seen as such a strict law that many digital businesses prohibit children under 13 from using their services at all--a move more practical in legal theory than in reality.
The FTC alleges that Epic Games both failed to notify parents and receive consent before collecting personal data from children and sometimes failed to honor parental deletion requests.
These failures, combined with the game's default settings turning on text and voice communications rather than requiring opt-in to use them, were the driving factors behind the historic fine.
The timing of the fine is also noteworthy, as although COPPA has been a federal law for over 20 years, California's new data privacy regulations, the CPRA, specifically strengthens privacy rights for minors. With the CPRA set to take effect January 1, 2023 and become enforceable within the year, this is a clear message from the U.S. that it takes children's privacy especially seriously.