MUMBAI: The All-India Game Developers’ Forum (AIGDF), in partnership with the Indian Governance and Policy Project (IGAP), has released its latest report titled ‘Anticipated Impact of the Digital Personal Data Protection Act, 2023 on the Online Gaming Sector’. This report evaluates the implications of India’s recently enacted Digital Personal Data Protection (DPDP) Act, 2023 on India’s nascent gaming industry, once the law is implemented. The report examines specific data protection compliance requirements across categories of online games (Free-to-Play games, Real-Money Games, and Web3 gaming). The report also offers recommendations to the Central Government on crucial clarifications and potential exemptions for gaming, especially concerning parental consent, the handling of children’s data, and compliance timelines for data processing restrictions.
Key Insights from the Report:
New Personal Data Obligations: The DPDP Act imposes several new compliance obligations, such as granular notice and consent requirements, on gaming companies processing personal data across categories. However, the impact of the law may vary significantly across different gaming formats.
Free-to-play Games: Compliance requirements for this category of games may be significant as the target audience may include players under the age of 18, for who the DPDP Act prescribes additional obligations to data fiduciaries.
Real-Money Games: While the impact on this category of games may be limited, notice and consent requirements, along with sectoral regulations may impact KYC processes implemented within games.
Web3 Games: Interaction between the DPDP Act obligations and Web3 gaming elements such as digital avatars, blockchain, pseudonymous identities and psychophysical data is a potential grey area leaving scope for clarification from regulators.
Children’s Data Protection: Free-to-play games, in particular, are expected to face new challenges with implementing parental consent, data processing restrictions, and prohibitions on behavioral monitoring and targeted advertising aimed at children, all of which may fundamentally impact the business models of these games.
Significant Penalties: Non-compliance with the DPDP Act could result in penalties as high as INR 250 crore (approximately $30 million), putting added pressure on Indian gaming companies, including MSMEs, to meet stringent data protection standards once the law is in effect.
AIGDF spokesperson Roland Landers said, “The Digital Personal Data Protection Act is a landmark law for India, and its impact on the gaming industry, like other digital sectors, cannot be overstated. AIGDF’s report lays out the expectations and challenges that gaming companies must embrace to adapt to compliance changes, while maintaining their innovative edge in one of the world’s fastest-growing markets.”
