Singapore-based Chinese video game developer Cognosphere, dba HoYoverse, known for “Genshin Impact,” a role-playing game involving collectible characters with unique fighting skills, has agreed to pay $20 million to settle Federal Trade Commission (FTC) allegations that it violated the Children’s Online Privacy Protection Act (COPPA) and deceived players about the cost of winning certain prizes.

Introduced in the U.S. in 2020, Genshin Impact was one of the first Chinese video games to go viral in this country.

The FTC alleged that the company collected children’s personal information without parental consent as required by COPPA. The FTC’s complaint stated that the company “shares device-related persistent identifier information and records of the player’s engagement, progress, and spending within the game with third-party analytics and advertising providers.”

Additionally, the game’s players pay real money for a virtual currency for the chance to win virtual prizes; however, the opportunities to win prizes are confusing and complicated and involve multiple types of in-game virtual currency with different exchange rates. The purchasing process obscures the reality that consumers must spend large amounts of real money to obtain 5-star heroes. As a result of the settlement, the company will introduce new age-gate and parental consent protections for children and young teens and increase its in-game disclosures related to its virtual currency and rewards for players in the U.S. In addition, it will also allow users to directly purchase content, using real money, from the game’s loot boxes and will cease misrepresenting the odds of loot boxes. The company must also restrict children under the age of 16 from purchasing loot boxes without parental consent.

Cognosphere, the distributor of Genshin Impact, released a statement in response to the settlement that can be viewed here.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.