Privacy Protection
More video game companies are collecting greater amounts of personal information about their players in order to analyze marketing preferences and improve games. Meanwhile, players’ awareness to protect privacy is improving, and privacy supervision in most countries is getting stricter than before. However, with the development of technology, these gaming companies are creating various shortcuts to use customers’ privacy. For example, as early as 2005, XBOX used a surveillance system to monitor players’ special achievements in playing and gave players a special notice or a certain score in order to intrigue players.
How Gaming Companies Use Players’ Data
The surveillance system is still evolving. Gaming companies can collect data on how players use their systems and games in real-time. For example, when a player purchases a game, the gaming company could easily collect the information about the player’s name, address, phone number, and credit card information. Recently, the PS4 and the Wii may even collect biometric data such as facial features and weight. Gaming companies do have various “good” reasons to collect such data like the Wii using players’ weight to perfect WiiFit, the PS4 using facial features to build the connection between players. However, the main purpose of these gaming companies is to improve their products and increase profits. In fact, gaming companies can change their games based on their users’ data. For example, Candy Crush modified the level system because, according to the users’ data, players tend to quit at level 65. In this sense, Candy Crush changed level 65 easier and encouraged people to go further. This game finally received great achievement and was bought by Blizzard for $5.9 billion.
Protecting Players’ Privacy
There are many administrative measures to protect the player’s privacy, which includes rules of a data lifecycle, periodic privacy policy audits in accordance with different countries’ privacy regulations, and risk management. Companies often run a risk analysis and identify security risks within their agency to determine the probability and magnitude of occurrence and how they’re going to offset that risk.
The scale of a privacy group in a gaming company depends on the size of the company. However, no matter how many employees a company has, the privacy group should have a high authority to urge different departments to work together because the privacy group needs to coordinate with HR, IT, finance, legal, marketing, and many other departments in their company to solve a privacy problem. In order to increase different departments’ participation, the privacy group should have the power to send an agenda to different departments, call a meeting, and ask monthly reports from other departments.
The Data Lifecycle
Among administrative methods, rules of a data lifecycle are important. In fact, all data should be deleted at a certain point, and most gaming companies will agree that storing data that a gaming company does not need anymore is unnecessary. A gaming company should establish a data lifecycle and a data necessity checking method in the privacy policy. If a gaming company has a privacy policy, checking what data is no longer needed regularly is helpful both to erase useless data and to make players feel comfortable. A data lifecycle and a method to check will remove the unwanted data and limit the damage if the company is ever hacked.
Meanwhile, after being hacked, a gaming company that has a good data life cycle policy can save considerable money in the litigation. In litigation, the gaming company needs to produce all the documents required, and if all the data have been settled clearly under a certain formula, the gaming company can simply provide well-reviewed documents necessary for the litigation. For example, Blizzard provides data lifecycle in their privacy policy that Blizzard usually retains data for only as long as necessary to provide players with products, services, and an immersive entertainment experience, which means that Blizzard would delete unnecessary data as soon as possible.
In Ubisoft’s privacy policy, Ubisoft stores players’ personal data only as long as it is necessary to process it. For example, Ubisoft may retain certain information after players close their accounts for a period of time needed to protect Ubisoft from legal claims. In this sense, Ubisoft will use only archive players’ personal data during the relevant statutory period of limitations.
If you are still curious about what kind of documents you agree to when signing up for an online gaming account, speak with a contract review lawyer, like a contract review lawyer in Arlington, TX, for more information.
Thanks to Brandy Austin Law Firm, PLLC for their insight into how companies protect their users’ information in online video games.