Gaming companies might speed up to get ready for the EU privacy regulation, its new obligations and massive fines. The upcoming EU privacy regulation might be a “revolution” for the gaming sector, forcing both operators and suppliers to considerably change their model of business.
The gaming sector has exponentially relying on big data and the monitoring of the players’ experience in order to improve the players’ experience, reduce the number of potential frauds and avoid gambling addictive conducts. Also, the development of technologies enabling players to gamble with their Internet of Things and mobile devices further increased the amount of data collected and used in the gaming sector. Data has always been seen as a major resource.
However, such major resource might end up being a potential “ticking bomb” as it might trigger fines up to 4% of the global turnover of the breaching entity while up until now one of the largest fines issued in Europe was issued against Google and its value was ONLY EUR 1 million!
Too early to move?
The official approval of the regulation will occur by mid-2016, but will come into force 2 years after its publication on the Official Gazette. However, such timing does not have to be misleading. I have been talking to companies which believe that, given the required developing time, such timeframe might be too tight for them.
If gaming operators/suppliers want to exploit all the potentials of wearable technologies, analytics, big data etc., such technologies might be considered for instance to place considerable risks to individuals’ privacy. This means that a “privacy impact assessment” might be necessary and this process which might require more than a year of work.
Likewise, a privacy by design approach will not only be required under the terms of the EU Privacy Regulation, but represents the sole tool able to reduce the potential risk exposure to fines and liabilities.
Gaming will no longer be the same?
My personal experience is that the operators/suppliers are extremely careful when it comes to gaming regulatory obligations. However, privacy compliance has always been considered as a “nice to have” as opposed to a “must have“.
With the increase of potential fines, a cultural shift is taking place. Data protection has come to the top of the list of priorities for gaming operators/suppliers.
Also, the gaming market is per se international and in order to benefit from the changes introduced by the EU privacy regulation, a reorganization of an operator/supplier’s group might be necessary.