Please E-mail suggested additions, comments and/or corrections to Kent@MoreLaw.Com.
Help support the publication of case reports on MoreLaw
United States of America v. Epic Games, Inc.
Case Number: 5:22-cv-00518
Judge: Terrence W. Boyle
Court: United States District Court for the Eastern District of North Carolina (Wake County)
Plaintiff's Attorney: United States Attorney’s Office
Description: Raleigh, North Carolina civil litigation lawyers represented Defendant accused of violating the Children’s Online Privacy Protection Act (COPPA), the Children’s Online Privacy Protection Rule (COPPA Rule), and the Federal Trade Commission Act.
The government alleged that Epic Games designed and marketed Fortnite for use by children. The government further alleged that Epic Games possessed actual knowledge that it collected personal information from children, including their names, email addresses, and identifiers used to keep track of players’ progress, purchases, settings, and friends lists. Epic Games nonetheless failed to notify parents that it was collecting children’s personal information and to obtain verifiable parental consent for that collection, as required by the COPPA Rule. The government further alleged that Epic Games maintained default privacy settings that were unfair under Section 5 of the FTC Act, in that the default privacy settings publicly broadcast child and teen Fortnite players’ display names and put children and teens in direct, real-time communication with adult Fortnite players.
“The Justice Department takes very seriously its mission to protect consumers’ data privacy rights,” said Associate Attorney General Vanita Gupta. “This proposed order sends a message to all online providers that collecting children’s personal information without parental consent will not be tolerated.”
“Parents have a right to know and to consent before companies collect their children’s personal information,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Department of Justice’s Civil Division. “The department is committed to enforcing the protections against unauthorized collection of information from consumers, particularly children.”
“As our complaint notes, Epic used privacy-invasive default settings that harmed young Fortnite players,” said FTC Chair Lina M. Khan. “Protecting the public, and especially children and teens, from online privacy invasions is a top priority for the Commission, and this enforcement action makes clear to businesses that the FTC is cracking down on these unlawful practices.”
“This historic civil penalty, totaling over a quarter-billion dollars, lays down a marker for online service providers everywhere,” said U.S. Attorney Michael Easley for the Eastern District of North Carolina. “The unauthorized collection of personal information from children online violates the law. The Department of Justice and the Federal Trade Commission have a strong partnership and are committed to deterring violations.”
In a proposed stipulated order filed today, Epic Games has agreed to pay $275 million in civil penalties, the largest civil penalty ever imposed for a COPPA violation. If approved by the court, the order will prohibit Epic Games from collecting personal information from children in a manner that violates the COPPA Rule. It will also prohibit Epic Games from using children’s personal information that was previously collected unless it obtains verifiable parental consent, and imposes compliance reporting obligations upon Epic Games. Further, the agreement requires Epic Games to maintain default privacy settings that protect children’s and teens’ privacy, to delete certain personal information of children that it previously collected, and to maintain a comprehensive privacy program that protects certain personal information.
This matter was handled by Trial Attorneys Michael Wadden and Josh Fowkes and Assistant Director Lisa Hsiao of the Civil Division’s Consumer Protection Branch. Andrew Hasty, James Trilling, and Amanda Koulousias represented the FTC.
Outcome: Epiic Games, Inc. agreed to pay $275 million and to stop violation the Children's Privacy Act.