The policy authorizes disclosure of children's account information to gaming console operators, app publishers on the Epic Games Store, professional advisors, and law enforcement for operational and protective purposes, and to additional third parties with parent/guardian permission for account linking and third-party sign-in.
This analysis describes what Unreal Engine's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the categories of third parties that receive children's personal information under COPPA's disclosure framework. The inclusion of app publishers on the Epic Games Store as recipients of child account information for operational purposes is operationally significant, as it means publishers whose games children download may receive child account data without requiring separate parental consent where Epic characterizes the disclosure as integral to service operation.
Interpretive note: Whether specific disclosures to app publishers and gaming console operators satisfy COPPA's operational necessity exception depends on the nature of each disclosure and is a regulatory determination, not solely an assertion within the policy.
Under this provision, children's account information is disclosed to gaming console operators and app publishers on the Epic Games Store as part of routine service operations, and to additional third parties only with parental permission. The agreement identifies these categories of recipients but does not enumerate all specific third-party recipients by name.
How other platforms handle this
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
If you do not have a social security number you may still be eligible to open a limited Revolut personal account. Depending on your immigration status, we may ask you to provide us with a copy of your supported U.S. visa and may limit your access to certain products and features.
In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal data may be transferred to a successor entity or third party as part of that transaction.
Monitoring
Unreal Engine has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We disclose a child's account information to third parties: (1) for purposes integral to the operation and protection of our Epic Services (e.g., to gaming consoles, publishers of games or apps acquired through Epic Games Store, professional advisors, and law enforcement), or (2) with a parent/guardian's permission (e.g., for account linking and signing into third-party services).— Excerpt from Unreal Engine's Epic Games Privacy Policy
1) REGULATORY LANDSCAPE: This provision engages COPPA's restrictions on disclosure of children's personal information (16 CFR 312.5) and GDPR's data sharing and controller/processor relationship requirements. The FTC enforces COPPA's limits on third-party disclosure without verifiable parental consent. The characterization of disclosure to gaming console operators and app publishers as integral to service operation is a legal conclusion that regulators may evaluate based on the specifics of each disclosure. 2) GOVERNANCE EXPOSURE: Medium. The policy's assertion that disclosure to gaming console operators and app publishers falls within the operational necessity exception to COPPA's consent requirements depends on whether those disclosures satisfy the applicable regulatory standard. App publishers on the Epic Games Store receiving child account information should be assessed as COPPA-covered operators or service providers. 3) JURISDICTION FLAGS: United States (COPPA, FTC enforcement), EU/EEA (GDPR Articles 26 and 28 regarding joint controllers and processors), and jurisdictions with national youth privacy laws. Publishers receiving child data from Epic's platform may independently trigger COPPA obligations in their own operations. 4) CONTRACT AND VENDOR IMPLICATIONS: App publishers and gaming platform partners receiving child account data from Epic should confirm whether they are treated as service providers with contractual data protection obligations or as independent operators under COPPA, as this classification affects their own compliance obligations. Data processing agreements should reflect the child data disclosure categories described in this provision. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should maintain an up-to-date sub-processor and third-party recipient register covering all categories of entities receiving children's account information. The basis for characterizing each disclosure category as operationally integral should be documented. Parental consent mechanisms for non-operational disclosures (account linking, third-party sign-in) should be audited to confirm they are functioning as described.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the categories of third parties that receive children's personal information under COPPA's disclosure framework. The inclusion of app publishers on the Epic Games Store as recipients of child account information for operational purposes is operationally significant, as it means publishers whose games children download may receive child account data without requiring separate parental consent where Epic characterizes …
Under this provision, children's account information is disclosed to gaming console operators and app publishers on the Epic Games Store as part of routine service operations, and to additional third parties only with parental permission. The agreement identifies these categories of recipients but does not enumerate all specific third-party recipients by name.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unreal Engine.