Welcome to Data Privacy Week! You know, in the early days of online gaming, data privacy just wasn’t on most people’s minds.
These early trailblazers were all about exploring the possibilities in a digital Wild West.
When online games shifted from being adventuresome experiments to successful commercial ventures, however, it became imperative to protect them and their players from online threats.
In honor of Data Privacy Week, today’s post provides a quick introduction to information security and internet safety in the context of internet gaming.
Whether you’re a game creator or player, there are simple things you can do to help protect yourself, your games, and your gaming communities.
Data privacy in online games
So, data privacy. What’s it all about?
Often referred to as information privacy, data privacy is about the proper handling, processing, storage, and usage of personal information.
Personal information includes things like your name, email address, physical or billing address, IP address, age, birthday, likes and dislikes, connections, online activities, and even your in-app behaviors.
Anything that can be used to identify you can be considered personal information.
Aspects of information privacy
So when we talk about information privacy in the context of online games, we mean:
- Handling and processing: Every aspect of what a game does with the information it collects about you, from the time it’s collected to the moment it’s deleted. This includes things like accepting your address through a registration form, linking your game account to your social media account, or how the game processes your data for third parties.
- Data storage: How and where personal information about you is kept. For example, MMORPGs like World of Warcraft have extensive databases for storing player profiles, game state data, and transaction histories. In the case of a MUD, data might be stored in databases, as flat files, or as text logs on a remote server.
- Usage: All the different ways your personal information can be used, both within and outside of the game. Stored data is often used for things like enhancing the game, personalizing your gaming experience, and marketing other games, downloadable content, or products to you. Games will also analyze and monitor data to prevent fraud, cheating, and unauthorized account access.
A focus on data privacy means respecting individual rights and ensuring that personal details are used in ways that are transparent, secure, and consistent with the expectations of the individual.
Understanding data privacy is therefore the first step in protecting it.
What is Data Privacy Week?
Data Privacy Week is an international effort to spread awareness about online privacy, educate people about how to secure their personal information, and encourage businesses to be more transparent about how they collect and use data.
The initiative emerged as a response to the increasing number of data breaches and the widespread misuse of personal data for various purposes, from identity theft and fraud to intrusive marketing.
When is Data Privacy Week?
Data Privacy Week is held annually from mid-to-late January and is an extension of Data Protection Day in Europe.
This year (2024), Data Privacy Week is from Sunday, January 21st to Saturday, January 27th.
From anonymity to awareness
In the early days of online gaming, players had a much smaller digital footprint. There was no such thing as social media, linked accounts, or online payments.
But with the rise in digital commerce, all that changed.
Not only did gaming companies collect personal details and payment information, but they began to collect, store, and analyze a lot more data about their users.
After all, the more these companies could know about their users, the better they could market and sell to them, right?
The problem was that this also made the industry an attractive playground for bad actors – people with bad intent.
The gaming industry gets a wake-up call
In 2011, Sony’s PlayStation Network got hacked. Personal information was compromised for approximately 77 million PSN users, including their names, addresses, email addresses, birthdates, usernames, passwords, logins, and security questions.
The incident took PSN offline for 23 days, and Sony ended up paying out millions of dollars in settlements in the years that followed.
This was a wake-up call for the gaming industry and its users. Data privacy can’t just be an afterthought; it has to be taken seriously.
However, not all threats come from external sources seeking financial gain.
Bad actors and toxic gaming communities
Doxxing (or doxing) occurs when someone’s personal information is revealed online without their consent. Usually, this is done to harass, intimidate, or otherwise harm them.
Essentially, their personal information is weaponized against them.
The information revealed can include the person’s real name, phone number, or even their street address, which is why doxxing can be quite scary and stressful.
But doxxed information can also include logs from sensitive or intimate conversations, too. Stuff you don’t want the rest of the world seeing.
Often, sensitive information is collected outside of the game, such as by digging around a person’s social media account, phishing their email, or tricking them through private chats.
In the old days, doxxing wasn’t as widespread of a problem because there just wasn’t that much information about people on the internet. Nowadays, everything is online.
That’s why it’s so important to apply good data privacy practices everywhere.
Data Privacy Week isn’t just a call to arms for game developers and platform creators; it’s a reminder to every player that they have a part to play in keeping themselves and their communities safer.
How to participate in Data Privacy Week
There are many ways to take part in Data Privacy Week. Below are some ideas for all game enthusiasts, as well as additional ideas specifically for game creators.
Pick what makes the most sense for your game or community – or get creative and come up with your own!
The goal is to raise awareness about the importance of data privacy and to do what you can to make the internet a safer place.
Participating as a player / gamer / user
Here are several things you can do during Data Privacy Week as a player:
- Educate: Read up on your privacy rights and how to protect your personal information. Share the lessons you learn with your friends so they can better protect themselves, too.
- Review: Go through the permissions you’ve granted to your gaming platforms and apps. Make sure you’re comfortable with what data you’re sharing.
- Reflect: Think about the confidential information you typically share with people online, especially in “private” channels. Nothing is truly private on the internet. Remember to avoid telling people sensitive information that you wouldn’t want to get out into the open.
- Advocate: Use your voice in your gaming communities to promote discussions about data privacy, and support platforms that prioritize user privacy.
- Secure: Never, ever, ever, ever, ever, ever re-use passwords, and always keep your passwords secure. Invest in a tool like 1Password if you need a way to generate and keep track of all your complex passwords.
- Monitor: Sign up for haveibeenpwned. You can see a list of public (known) data breaches your email address and personal information have appeared in over the past several years. HIBP will email you when your personal information is found in future breaches, along with a summary of the breach and what kind of information was compromised.
And remember: if you play MUDs, most games out there are not secure.
Participating as a creator / developer
Here are some additional things you can do as a game creator or developer:
- Assess: Take this week as an opportunity to review your data collection, storage, and processing practices. If they aren’t up to snuff, be honest and communicate the gaps with your players.
- Educate: Provide resources and information to help your players understand their privacy rights and how they can protect their data. Remind them not to reuse passwords or to give out sensitive information. If you have horror stories or cautionary tales to share, consider sharing them. These stories can be very powerful, especially if people look up to you.
- Commit: Use Data Privacy Week to communicate your commitment to data privacy and to outline the steps you’re taking to protect your users’ information. Encourage other game creators in your online communities to do the same.
Data privacy is an ongoing process. The internet is always evolving, so our data privacy practices need to keep evolving, too.
If this topic is something that interests you, I highly recommend checking out the Darknet Diaries podcast.
Listen to the first few episodes, and you will start to see the internet as it is: a hostile environment.
You’ll also learn a lot about what you should and shouldn’t do to keep yourself safe.
Some related articles in my own blog that you might find interesting or helpful:
- Toxic gaming communities and how to avoid them – how to identify a toxic space and avoid creating or being part of one
- Measuring player activity in text games – things to consider when collecting information from or about players
- ERP and consent in games – why consent is important and ways to protect players from nonconsensual situations
That’s it for today! I’m a bit under the weather this week, but I hope to come back around to this post in the future to flesh it out with more tips and ideas.
Until then – stay safe!