Blast Data Processing: DP and the games industry

Back in the 90s I was most definitely a Sega Kid, buying every piece of exploitative Sonic the Hedgehog merchandise I could find,  and humourlessly lecturing my Nintendo-owning friends about the merits of Blast Processing.  (Sega’s European marketing, incidentally, was carried out by Virgin Interactive – a Richard Branson company – which probably explains why it was so distinctive.)

As a grown adult I don’t play video games much anymore, but nevertheless gaming remains a very interesting industry, and unlike record companies, the games industry business model appears to be keeping pace with technology.

Mobile and web-based social game creators are driving down prices for basic games, but charging premiums for in-game virtual goods or premium content. This “freemium” model is generating good income streams, and small “freemium” companies are being targeted for acquisition by major developers such as Zynga or Electronic Arts.

Privacy risks
A typical small games company is probably focused on issues such as deciding whether or not license core intellectual property, keeping core programmers, and so on. It’s arguably less likely to be thinking about data protection. Yet data protection is an area which, if neglected, has the potential for severe financial and reputational risk – see for example the tumble in Sony’s share price following data breach revelations.

Games companies are now gathering volumes of data about their gamers that would have been inconceivable even a decade ago, including performance data (to help developers fix bugs), data which enables gameplay, password details, names, addresses, dates of birth, speech, photos, videos and so on.

Although companies seek to anonymise this information, it can still be considered personal data if it is reasonably likely that it could be used (now or in the future) to link with other information which identifies an individual. These treasure troves of data are becoming increasingly attractive targets for hackers.

Key data protection issues for gaming companies
Broad data protection and privacy issues that games companies need to be aware of include:

  • According to the ICO, parental consent is required if personal data is collected from children aged under 12;
  • Gamers must be informed in a clear and unambiguous way about when their data is being gathered, and the extent to which their personal data is being shared with third parties (such as providers of targeted advertising);
  • Companies shouldn’t hold more personal data than they need. For example, is holding the residential address of a gamer always necessary?
  • For a company to gather, control and ultimately process geolocation data, express consent should be positively obtained before the data is processed (that is, not obtained via a statement buried in Ts & Cs);
  • Compliance with the new laws on cookies (which Martin has been keeping up to date with), which may impact on cookies placed on a gamer’s browser or device; and
  • The enduring obligation to take appropriate technical and organisational measures against unlawful or unauthorised processing of personal data (as the quantity and sensitivity of personal data held by gaming companies increases, then the technical and organisational measures which they take to protect that data should be increasing also);
  • Keep abreast of the new data protection rules that are likely to come into force in Europe in the next few years – in particular, there are likely to be new obligations on gaming companies located outside the EU.

Some quick tips then, but remember – to be this good takes AGES.

0 Responses to “Blast Data Processing: DP and the games industry”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Twitter: @BrodiesTechBlog feed

February 2012
« Jan   Mar »

%d bloggers like this: