“GDPR everywhere”: computergames and data protection

In his keynote on our conference “More Tham Just a Game” Prof. Dr. Michael Ronellenfitsch, Commissioner for Data Protection and Freedom of Information of Hesse, talked about the EU General Data Protection Regulation (GDPR) and the different approaches of German data protection authorities in case of violations of data protection law. While the data protection authorities in the Northern states of Germany were very strict in the interpretation of applicable regulations, interpretation in the
South of Germany was somewhat more liberal so that, after all, it does make a difference which data protection authority in Germany is responsible for a company.

The subsequent expert panel discussing the topic “GDPR how you never knew it” consisted of Mike Atamas (Company lawyer with Epic Games), Prof. Dr Michael Ronellenfitsch (Commissioner for Data Protection and Freedom of Information of Hesse), Susanne Klein, LL.M. (Partner with BEITEN BURKHARDT), Darya Firsava (Company lawyer with Wargaming) and Beata Sobkow, LL.M., CIPP/E (Lawyer with Harbottle & Lewis). The panel was chaired and moderated by Dr Andreas Lober, Partner with BEITEN BURHARDT.

The effects of the GDPR are clearly noticeable in the games industry just as in any other sector. And the game providers have reacted: As Epic Games wishes to provide users of the online game “Fortnite” all over the world with the same gaming experience, according to Mike Atamas, one of the effects of the GDPR is that Epic complies with its strict requirements around the world, irrespective of whether the player concerned plays in a EU member state or not (“GDPR everywhere”).

According to Mike Atamas the GDPR is among the strictest data protection legislations in the world, only South Korean data protection regulations are even stricter. Further, the GDPR provides data subjects with more possibilities to assert their rights. This was also confirmed by Susanne Klein of BEITEN BURKHARDT. The data subjects had a clearly greater awareness for data protection issues

and the rights they are entitled to than before. That is why, since the entry into force of the GDPR, data subjects have increasingly asserted their rights also vis-à-vis games enterprises, e.g. their right to information pursuant to Art. 15 GDPR, which could in many cases result in collisions with entrepreneurial interest in the protection of their business secrets. Beata Sobkow of Harbottle & Lewis and Darya Firsava of Wargaming agreed to this observation.

This is, in particular, reflected in the field of anti-cheat measures. By way of asserting GDPR claims, users would increasingly request information on anti-cheat mechanisms implemented by the games companies, said Darya Firsava. But according to Firsava of Wargaming, such information was not made available as from Wargaming‘s point of view such information constituted trade secrets. In fact, at Wargaming such information serves to identify some 70 percent of all users of cheat software, said Firsava. Disclosure of such information would, thus, present a risk for the games companies.

Another topic was the legal admissibility of personalised advertising in mobile games. Darya Firsava of Wargaming reported in this context on her work at Wargaming with respect to the promotion of own products and the difficulty in considering whether a separate consent of the user had to be obtained in each case or not.

If you have any questions please feel free to contact Timo Conraths and Susanne Klein.


Susanne_Klein_ADVANT Beiten

Susanne Klein

Rechtsanwältin, LL.M., Licensed Specialist for Information Technology Law, external data protection officer (certified by TÜV Nord)



Games Gamesbranche

Contact us

Susanne Klein T   +49 69 756095-585 E