Play, Pause, Proceed: Decoding Online Gaming Laws

Online gaming has evolved in various forms such as single-player games, team-based games, role-playing games, virtual/augmented reality games and more.

Regardless of the form, online gaming remains popular with a wide audience across age, gender and location. This brings several technology law considerations into focus for gaming companies.

• Data lifecycle management for gaming companies encompasses various stages from collection, consent management, processing, and disclosure to deletion and secure disposal.

• Processing of sensitive personal data such as passwords and financial information is subject to additional requirements under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”) in India.

• Where ads are shown by gaming companies, the data that is collected and processed (including the use of data collected by other entities) and the basis on which ads are shown, need to be assessed. Adequate disclosures must be made in the privacy policy (which should be published on the website), and consent practices must be tightened to ensure compliance.

• The age when a person is defined and protected as a child differs in different jurisdictions, and the implications of being considered a child may also vary.