Regulations protecting consumers from microtransactions

Last updated

The following is a list of laws providing an overview of laws and regulations that aim to protect consumers from microtransactions .

Contents

Regulations in the United States

The Federal Trade Commission Act (FTC Act): The FTC Act prohibits companies from engaging in unfair or deceptive practices, including those related to in-app purchases. These practices include failing to clearly disclose the costs of purchases, making it difficult for consumers to cancel purchases, and encouraging mass spending. [1]

In recent years, the FTC has taken action against video game companies that engage in deceptive or unfair practices related to in-app purchases. For example, in 2014, the FTC settled with Apple over allegations that the company allowed children to make unauthorized in-app purchases without their parents' consent. As part of the settlement, Apple agreed to refund a minimum of $32.5 million to affected consumers that were billed for in-app purchases incurred by children. Apple was also required to modify its in-app purchase practices to ensure that users have a clear understanding of the costs associated with in-app purchases. [2] Similarly, in 2019, the FTC settled with video game publisher, Epic Games, over allegations that the company misled consumers about the cost of in-app purchases in addition to using dark patterns that encourage unintended in-game purchases in its popular game, Fortnite. As part of the settlement, Epic Games agreed to pay $275 million in refunds to consumers and to modify its in-game purchasing practices to ensure that consumers have clear information about the costs of in-app purchases. [3]

The Children's Online Privacy Protection Act (COPPA) regulates the collection of personal information from children under the age of 13 by online services, including video games. COPPA requires companies to obtain parental consent before collecting information from children, which includes information used to make online in-app purchases.

The Better Business Bureau's National Advertising Division (NAD): The NAD is a self-regulatory body that plays a role in protecting children from potentially deceptive and unfair practices related to microtransactions by reviewing advertisement claims for truthfulness and accuracy. The NAD has issued guidelines for video game companies that use in-app purchases, including requirements for clear and conspicuous disclosures of costs and the nature of the purchase. The guidelines also require video game companies to avoid misleading advertisements, such as baiting consumers into believing the benefits of in-app purchases or failing to disclose additional costs associated with the purchases. [4]

Regulations in Asia

Regulations in China

The Chinese Consumer Protection Law regulates consumer protection in China and places extremely strict guidelines, including those related to in-app purchases. The law requires companies to provide clear and accurate information about the cost and nature of in-app purchases. In 2016, all games published in China are required to go through a licensing and approval process through the National Press and Publication Administration (NPPA). The NPPA is extremely strict with loot boxes due to the similarities shared with gambling. Below is a list of restrictions enforced by the NPPA. [5]

  1. The contents within a loot box must be obtainable through other in-game means
  2. Activities that encourage compulsion loops are not allowed
  3. Game developers must disclose the percentage probability of obtaining an item from a loot box. These percentages must reflect reality. For example, an item with a 10% chance of dropping must drop within opening 10 loot boxes. This guarantees that a player would receive an item after opening a certain amount of loot boxes.
  4. A strict limit on how many loot boxes a player can open each day, with a clear in-game display notifying the player of that quantity.

Additionally, in 2019, the Chinese government implemented regulations that limits the amount of money players can spend on in-game purchases. The maximum amount ranged from $28 to $57 depending on age. [6]

Regulations in Japan

The Consumer Affairs Agency (CAA) has issued several self-regulatory measures to address several points of criticism in regards to in-game purchases in the form of gatcha mechanics. These regulations include the following. [7] [8]

  1. In order to address transparency concerns, game developers must disclose the probability of obtaining an item through gatcha mechanics.
  2. Game developers must have measures in place to prevent real money trading (e.g. in secondary markets).
  3. The prohibition of kompu gacha-like mechanics.
  4. The establishment of a regulatory committee in order to create more detailed guidelines and raise public awareness.

The Act against Unjustifiable Premiums and Misleading Representations regulates false advertising and misleading representations in Japan. Under this act, video game companies are prohibited from making false or misleading statements about the benefits of in-game purchases or gatcha mechanics. [7] [9]

The Payment Services Act regulates electronic payment services in Japan, including those used for in-app purchases. Under this act, payment service providers must obtain a license from the government and are required to comply with various regulations to ensure the security of consumer information and transactions. [10]

Regulations in South Korea

The Game Industry Promotion Act is a law that aims to promote the development of the video game industry while also protecting consumers from being manipulated. Under this act, the South Korean government has the power to conduct regular inspections on companies to ensure compliance. An amendment in the Game Industry Promotion Act now requires companies to disclose all probabilities in a loot box on all platforms, including the game, advertisements for the game, and the game's official website. [11]

Regulations in Taiwan

In 2022, the Consumer Protection Committee (CPC) reviewed and approved an amendment that created a set of guidelines in order to protect consumers from in-game purchases. These guidelines require game companies to disclose the draw probability of loot box rewards in order to affect consumers' transaction decisions. In order to present complete transparency, this amendment requires companies to disclose all odds as a percentage. In addition, the Department of Consumer Protection (DCP) has made an effort to raise awareness on in-game purchases, and advises consumers that buying loot boxes or purchasing in-game event will not guarantee specific rewards. The DCP also encourages consumers to read the drop rate information carefully to avoid excessive spending or impulse buying only to receive nothing in return. [12]

Regulations in the EU

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to all businesses operating in the European Union (EU). Although the GDPR is not specifically focused on regulating microtransactions or in-game purchases, it regulates the collection and use of personal data. Under the GDPR, video game companies are required to obtain explicit consent from users before collecting and using their information. This information includes but is not limited to payment information, personal information, or purchase history used for in-game. [13] Video game companies must also inform consumers on how their information will be used, and must allow consumers to withdraw their consent at any time. The GDPR also gives consumers the right to access, rectify, and erase data collected on them. At any time, consumers can request video game companies to correct or delete information on them if that information is inaccurate. [14] [15]

The Consumer Rights Directive is a law that sets out a range of consumer protections related to online transactions. The directive provides the following protections for consumers in Europe. [16] [17]

  1. Clear and Transparent Information: Video game companies must provide clear and transparent information about the cost and nature of in-game purchases, including any recurring charges or subscriptions. This information must be provided in a way that is easy for consumers to access and understand.
  2. Explicit Consent: Before processing a transaction for an in-game purchase, video game companies must obtain explicit consent from consumers. This means that consumers must actively confirm that they want to make the purchase, rather than simply having the purchase added to their account automatically.
  3. Right of Withdrawal: Consumers have the right to cancel or withdraw from a purchase within 14 days of making it. This gives consumers the opportunity to review their purchase and protect them from impulsive decisions. It also gives consumers a chance to decide if the purchase is something they really want or need.
  4. Refund Rights: If a consumer cancels a purchase or withdraws from it, they are entitled to a refund. Video game companies must process these refunds promptly and without undue delay.

Related Research Articles

<span class="mw-page-title-main">Children's Online Privacy Protection Act</span> American federal cyber law in 2000

The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law, located at 15 U.S.C. §§ 65016506.

<span class="mw-page-title-main">Federal Trade Commission</span> United States government agency

The Federal Trade Commission (FTC) is an independent agency of the United States government whose principal mission is the enforcement of civil (non-criminal) antitrust law and the promotion of consumer protection. The FTC shares jurisdiction over federal civil antitrust law enforcement with the Department of Justice Antitrust Division. The agency is headquartered in the Federal Trade Commission Building in Washington, DC.

<span class="mw-page-title-main">Greenwashing</span> Use of the aesthetic of conservationism to promote organisations

Greenwashing, also called "green sheen", is a form of advertising or marketing spin in which green PR and green marketing are deceptively used to persuade the public that an organization's products, aims and policies are environmentally friendly. Companies that intentionally take up greenwashing communication strategies often do so in order to distance themselves from their own environmental lapses or those of their suppliers.

<span class="mw-page-title-main">False advertising</span> Misleading content in advertisements

False advertising is defined as the act of publishing, transmitting, or otherwise publicly circulating an advertisement containing a false claim, or statement, made intentionally to promote the sale of property, goods, or services. A false advertisement can be classified as deceptive if the advertiser deliberately misleads the consumer, rather than making an unintentional mistake. A number of governments use regulations to limit false advertising.

Email marketing is the act of sending a commercial message, typically to a group of people, using email. In its broadest sense, every email sent to a potential or current customer could be considered email marketing. It involves using email to send advertisements, request business, or solicit sales or donations. Email marketing strategies commonly seek to achieve one or more of three primary objectives, to building loyalty, trust, or brand awareness. The term usually refers to sending email messages with the purpose of enhancing a merchant's relationship with current or previous customers, encouraging customer loyalty and repeat business, acquiring new customers or convincing current customers to purchase something immediately, and sharing third-party ads.

A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.

Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.

<span class="mw-page-title-main">Magnuson–Moss Warranty Act</span> United States federal law governing warranties on consumer products

The Magnuson–Moss Warranty Act is a United States federal law. Enacted in 1975, the federal statute governs warranties on consumer products. The law does not require any product to have a warranty, but if it does have a warranty, the warranty must comply with this law. The law was created to fix problems as a result of manufacturers using disclaimers on warranties in an unfair or misleading manner.

Consumer protection is the practice of safeguarding buyers of goods and services, and the public, against unfair practices in the marketplace. Consumer protection measures are often established by law. Such laws are intended to prevent businesses from engaging in fraud or specified unfair practices to gain an advantage over competitors or to mislead consumers. They may also provide additional protection for the general public which may be impacted by a product even when they are not the direct purchaser or consumer of that product. For example, government regulations may require businesses to disclose detailed information about their products—particularly in areas where public health or safety is an issue, such as with food or automobiles.

The United States Commission's fair information practice principles (FIPPs) are guidelines that represent widely accepted concepts concerning fair information practice in an electronic marketplace.

In re Gateway Learning Corp, 138 F.T.C. 443 File No. 042-3047, was an investigatory action by the Federal Trade Commission (FTC) of the Gateway Learning Corporation, distributor of Hooked on Phonics. In its complaint, the FTC alleged that Gateway had committed both unfair and deceptive trade practices by violating the terms of its own privacy policy and making retroactive changes to its privacy policy without notifying its customers. Gateway reached a settlement with the FTC, entering into a consent decree in July 2004, before formal charges were filed.

Do Not Track legislation protects Internet users' right to choose whether or not they want to be tracked by third-party websites. It has been called the online version of "Do Not Call". This type of legislation is supported by privacy advocates and opposed by advertisers and services that use tracking information to personalize web content. Do Not Track (DNT) is a formerly official HTTP header field, designed to allow internet users to opt-out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of that data outside its context. Efforts to standardize Do Not Track by the World Wide Web Consortium did not reach their goal and ended in September 2018 due to insufficient deployment and support.

<span class="mw-page-title-main">General Data Protection Regulation</span> European Union regulation on personal data

The General Data Protection Regulation is a European Union regulation on Information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.

<span class="mw-page-title-main">Chris Hoofnagle</span>

Chris Jay Hoofnagle is an American professor at the University of California, Berkeley who teaches information privacy law, computer crime law, regulation of online privacy, internet law, and seminars on new technology. Hoofnagle has contributed to the privacy literature by writing privacy law legal reviews and conducting research on the privacy preferences of Americans. Notably, his research demonstrates that most Americans prefer not to be targeted online for advertising and despite claims to the contrary, young people care about privacy and take actions to protect it. Hoofnagle has written scholarly articles regarding identity theft, consumer privacy, U.S. and European privacy laws, and privacy policy suggestions.

FTC v. Balls of Kryptonite is an enforcement action brought in 2009 by the U.S. Federal Trade Commission (FTC) in United States District Court for the Central District of California. The defendant was Jaivin Karnani, a Southern California man, his company Balls of Kryptonite LLC, and several other corporate names they did business as. In 2011 the FTC secured a court order barring Karnani and Balls of Kryptonite from engaging in many of the deceptive business practices that had brought him to the agency's attention.

A dark pattern is "a user interface that has been carefully crafted to trick users into doing things, such as buying overpriced insurance with their purchase or signing up for recurring bills". User experience designer Harry Brignull coined the neologism on 28 July 2010 with the registration of darkpatterns.org, a "pattern library with the specific goal of naming and shaming deceptive user interfaces".

<span class="mw-page-title-main">Loot box</span> Purchasable video game item containing random rewards

In video games, a loot box is a consumable virtual item which can be redeemed to receive a randomised selection of further virtual items, or loot, ranging from simple customization options for a player's avatar or character to game-changing equipment such as weapons and armor. A loot box is typically a form of monetisation, with players either buying the boxes directly or receiving the boxes during play and later buying "keys" with which to redeem them. These systems may also be known as gacha and integrated into gacha games.

The gathering of personally identifiable information (PII) is the practice of collecting public and private personal data that can be used to identify an individual for both legal and illegal applications. PII owners often view PII gathering as a threat and violation of their privacy. Meanwhile, entities such as information technology companies, governments, and organizations use PII for data analysis of consumer shopping behaviors, political preference, and personal interests.

Financial privacy laws regulate the manner in which financial institutions handle the nonpublic financial information of consumers. In the United States, financial privacy is regulated through laws enacted at the federal and state level. Federal regulations are primarily represented by the Bank Secrecy Act, Right to Financial Privacy Act, the Gramm-Leach-Bliley Act, and the Fair Credit Reporting Act. Provisions within other laws like the Credit and Debit Card Receipt Clarification Act of 2007 as well as the Electronic Funds Transfer Act also contribute to financial privacy in the United States. State regulations vary from state to state. While each state approaches financial privacy differently, they mostly draw from federal laws and provide more stringent outlines and definitions. Government agencies like the Consumer Financial Protection Bureau and the Federal Trade Commission provide enforcement for financial privacy regulations.

The Age appropriate design code, also known as the Children's Code, is a British internet safety and privacy code of practice created by the Information Commissioner's Office (ICO). The draft Code was published in April 2019, as instructed by the Data Protection Act 2018 (DPA). The final regulations were published on 27 January 2020 and took effect 2 September 2020, with a one-year grace period before the beginning of enforcement. The Children's Code is written to be consistent with GDPR and the DPA, meaning that compliance with the Code is enforceable under the latter.

References

  1. "Federal Trade Commission Act". Federal Trade Commission. 2013-07-19. Retrieved 2023-04-15.
  2. "Apple Inc. Will Provide Full Consumer Refunds of At Least $32.5 Million to Settle FTC Complaint It Charged for Kids' In-App Purchases Without Parental Consent". Federal Trade Commission. 2014-01-15. Retrieved 2023-04-15.
  3. "FTC Finalizes Order Requiring Fortnite maker Epic Games to Pay $245 Million for Tricking Users into Making Unwanted Charges". Federal Trade Commission. 2023-03-14. Retrieved 2023-04-15.
  4. "National Advertising Division". BBBPrograms. Retrieved 2023-04-15.
  5. "Content Restrictions & Requirements For Games In China". www.appinchina.co. Retrieved 2023-04-15.
  6. "Explainer: Why and how China is drastically limiting online gaming for under 18s". Reuters. 2021-08-31. Retrieved 2023-04-16.
  7. 1 2 Schwiddessen, Baker McKenzie-Sebastian (2018-08-02). "Loot Boxes in Japan: Legal Analysis and Kompu Gacha Explained". Lexology. Retrieved 2023-04-16.
  8. "Consumer Affairs Agency". www.caa.go.jp. Retrieved 2023-04-16.
  9. "Japan: Act Against Unjustifiable Premiums and Misleading Representations Amended". Library of Congress, Washington, D.C. 20540 USA. Retrieved 2023-04-16.
  10. Hamada, Mori; Yukawa, Matsumoto-Masaki; Yoshino, Ryo; Ishikawa, Takanori (2022-02-03). "Spotlight: the payments framework in Japan". Lexology. Retrieved 2023-04-16.
  11. Obedkov, Evgeny (2023-02-28). "South Korea passes new amendment on loot box probability disclosure". Game World Observer. Retrieved 2023-04-16.
  12. "行政院全球資訊網". 2.16.886.101.20003 (in Chinese (Taiwan)). 2011-12-01. Retrieved 2023-04-17.
  13. "What is GDPR, the EU's new data protection law?". GDPR.eu. 2018-11-07. Retrieved 2023-04-17.
  14. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance), 2016-05-04, retrieved 2023-04-17
  15. "Right of Access". General Data Protection Regulation (GDPR). Retrieved 2023-04-17.
  16. "Consumer rights directive". commission.europa.eu. Retrieved 2023-04-17.
  17. "New proposals announced on consumer rights across Europe". GOV.UK. Retrieved 2023-04-17.