The GDPR Is Now in Effect: What Changed for Esports?

The EU’s General Data Protection Regulation went into effect officially on May 25. The new data protection rules are affecting almost every technology company in the world—that’s why you’ve been getting all those privacy policy updates—including esports. Our primer back in March gave an overview of the regulation and some brief examples of how it may affect esports. Here’s what we know of how the industry has adapted so far.

The bottom line: GDPR compliance is new and difficult, but carries substantial penalties for failing to adhere to it.

To begin with, some companies took initial steps before the deadline. Valve’s approach was to provide significantly higher privacy settings—things like an account’s game library hidden by default. Notably, this had a great negative affect on data firms like Steam Spy that used Valve‘s previously-lax privacy standards to build reports on gaming consumer trends and habits.

Since then, other esports developers have directly addressed the GDPR as well. Riot has a detailed FAQ page, including how it intends to comply with the new age of eligibility rules. Activision has set up a portal for European account holders to access a variety of requests in line with GDPR functionality. Even nondevelopers like FACEIT, an online tournament platform, have created detailed guides to explain the GDPR and how the site’s users can control how the company uses their data. Of course, each of these companies have updated their privacy policy to better align with the GDPR.

For other companies, the new rules have been too much to handle. Here’s Engadget’s David Lumb:

“Some older services and long-running games have been closed after companies determined the costs to update them outweigh the benefits. Uber Entertainment’s Monday Night Combat made just enough money to keep its servers going, but upgrading the Ubernet-based back-end to comply with GDPR wasn’t worth the cost, the game’s company CEO Jeremy Ables told Engadget. The company chose to shut the game down.

Likewise, Edge of Reality’s free-to-play shooter Loadout was shuttered because the company lacked the resources to update the aging game. Online gaming company WarpPortal announced it would close off service to EU players for the 16-year-old MMO Ragnarok Online on May 25th.”

Some esports companies had issues as well. Hi-Rez Studios, producer of Smite and Paladins, had noted issues with compliance. Finally, on May 30, the company sent out an email inviting users to view the new privacy policy, which “will take effect on May 25, 2018.” The actual policy’s URL, again confusingly, references May 24.

The bottom line: GDPR compliance is new and difficult, but carries substantial penalties for failing to adhere to it, in addition to public fallout should lax internal workflows allow compromised security. We encourage readers to browse this informative guide by esports lawyers Jas Purewal and Peter Lewin which details, among other things, ten tips for compliance.


About us

We provide business oriented transversal advisory services

At each stage from pre-regulatory work to post acquisition or partnership integration and towards industry game-changing innovations and technologies. Our expertise and network allow us to form ad hoc teams to meet each project challenges and achieve success.

Our organization relies on four axles: Reliance, Alliance, Convergence, Transformance.