Search
  • Derrick Morton

The Cost Of Data Privacy: How A Patchwork Regulatory Framework Impacts Video Game Creators


GETTY

Few of us can imagine a world without the internet. Our online presence has transformed into a mirror for our lives; it reflects who we are, where we live, our interests, purchases, bank statements and so on.


With our most personal information living on the internet, privacy policies have become an increasingly controversial topic. But are the privacy policies in existence today actually protecting the user and improving their experience? No, because the current state of patchwork privacy laws across the nation makes compliance unnecessarily challenging and costly for game developers and does little to actually protect our privacy.


Why Are Current Privacy Laws Problematic?


While there is significant interest in establishing unified privacy law in the U.S., we have yet to see a proposal that garners widespread bipartisan support. This has led some states to create and enact their own data protection laws. Seems simple enough, right? Think again.


A patchwork of privacy laws means that regulatory schemes from state to state can conflict with each other, confusing consumers and imposing astronomical costs on organizations to keep up with varying compliance standards. Game developers now need to ensure compliance for users that are spread across the nation, with different data protection regulations in different places.


The GDPR became fully enforceable in 2018, becoming the first domino in a chain of costly compliance impacts. While it addressed major tech companies that historically dealt with, and made money off of, user data, the collateral damage was significant for small businesses and game developers. Entry into the market became nearly impossible for up-and-coming developers. Some developers without the budget and bandwidth to comply have chosen to shut down operations. Many just ignore it to avoid the cost and hope to fly under the radar.


App developers and video game creators are now forced to allocate a large chunk of their budget to reconfigure games and user consent policies to avoid incurring massive compliance fines. Compliance is costly. When the GDPR was enforced, game developers were tasked with hiring lawyers to review new guidelines and advise on compliance, a process that can cost even small companies upwards of $50,000.


GDPR aside, with different regulatory schemes in different states, gaming companies are subject to multiple sets of rules. Every time that a new location enacts its own privacy law, a developer will be forced to spend thousands of dollars to have a lawyer review the law and advise on how to comply.


Compliance isn’t a one-time expenditure—it is both immediate and ongoing. Not only must developers incur significant cost to ensure privacy compliance at the outset, but their obligation to ensure continued compliance as regulations differ from state to state requires additional resources.


The Domino Effect


Mobile games can be quite profitable, and the industry is continuing to grow. According to an ironSource analysis, mobile gaming brought in more annual revenue last year than the music and film industries combined. Despite the growth the market has seen, keeping up with evolving, state-specific privacy policy has shown its potential to disrupt mobile app developers top to bottom, with businesses spending millions of extra dollars trying to find ways to work around these policies.


According to the Information Technology and Innovation Foundation (ITIF), it is estimated that, in the absence of Congress passing unified privacy legislation, the out-of-state costs of 50 such laws could exceed $1 trillion over 10 years, with at least $200 billion of that burden falling on small businesses.


Patchwork privacy policies can also worsen the user experience by making it harder for game developers to cater to their audience and personalize game design. Regulations have made it mandatory for game developers to require users to accept numerous prompts and verify consent. This multistep process degrades the user experience with constant interruption, which can cause users to either blindly accept prompts without fully reading them or to stop using the app altogether in a phenomenon known as “opt-in fatigue or consent fatigue.”


Currently, there are five states that have enacted comprehensive consumer data privacy laws, a signal of what’s to come for both businesses and end users, and it isn’t pretty. Along with increased compliance costs for startups and small businesses, costs will also increase for the consumer. If a game must comply with 50 different state laws, costs for the business would skyrocket, and so would the cost of the products consumers purchase from them.


Also, the internet would no longer offer a seamless experience if 50 states had different compliance requirements, as someone living in Colorado may not have the same access to apps or platforms as someone living in Florida.


Is Information Safer?


Despite the best intentions, a patchwork of state laws could actually make personal information less secure. When states have different regulations and requirements, hackers have more loopholes to potentially exploit. Also, the more companies are forced to budget to comply with different regulatory schemes, the more the budget for innovation and user upgrades diminishes.


A patchwork of privacy laws is not only difficult for businesses to navigate, but it essentially guarantees consumers have no visibility into how their user data is being collected and used. When the rules change across state lines, there is zero promise of transparency, leaving consumers to wonder.


Where We Go From Here


To sustain innovation in the gaming industry, we must continue to advocate for a unified, federal privacy policy that provides a framework for a more limited yet still effective regulation scheme.


A national standard will ensure that the rules of privacy and data protection are clear. It would provide the same road map, state to state, of how to comply. For businesses, costs of compliance would remain consistent, no matter where you and your consumer are based. Consumers would also have peace of mind knowing that no matter where they go within the U.S., their data protections are uniform.



2 views0 comments