In the late 1950s, the creation of a simple multiplayer game ‘Tennis for Two’ by American physicist William Higinbotham revolutionized the gaming world. An instant hit among gamers, the game is believed to be the first developed in the history of video games.
Today, the gaming industry is among the biggest, with the US market growing to over $85.86 billion in 2021, surpassing the record high of $76.15 billion in 2020.
Over the years, the popularity of video games has grown significantly. According to Statista, the number of video game players has jumped dramatically in the last two decades. It is estimated that from 2015-2021 to 2024, there will be as many as 3.3 billion gamers across different gaming platforms. However, as the number of gamers increases, so does the data, which is a gold mine today.
Businesses and technology giants often use gaming user data to generate content and deploy targeted marketing. Most companies collect customer data, including the finance, real estate, insurance, and gaming sectors. This data is utilized in two ways: to improve user experience and to target adverts with CTAs (call to action) buttons to boost customer purchases.
The aggregate of this data is immense, and any third-party corporation would be interested in tapping into the feeds of gamers to offer more goods and services, as explained by TechRobot, which also outlines the growing worry over the usage of gamers’ data and who might be using it.
The security firm thoroughly investigated gaming companies to learn how they gather data and how it is used. A condensed version of the study may be used to understand how and where these data sets are used and how much information these businesses know about gamers.
What data is collected by gaming companies?
Most popular game developers collect data, including the user’s personal information, real names, email addresses, cities and countries, and even the language they use. Nevertheless, many online game producers list their privacy policies to the public, detailing how they collect data and how it is used, in contrast to customary business procedures.
Many governments, especially those in the American and European continents, demand businesses disclose the data they are gathering and the purposes for which it is being used.
However, despite these regulations and data privacy policies, individual data is often vulnerable to being hacked and utilized by bad actors. This is equally threatening for gamers and gaming companies because if the customer’s data gets hacked, then hackers can target individual users, putting the companies at greater risk of being condemned by the users, the government and data protection committees.
To address this persistent issue, companies must mitigate measures that will protect users’ data and limit what they collect about their customers, preventing data theft to a certain extent.
However, some companies collect data not related to gameplay or any other services related to gaming. This data sometimes includes the gaming habits of users, language preferences, items used in the gaming and in-game currency details, and banking details. This raises questions about the privacy and security policies that the company employs.
The disadvantages of online gaming
Popular battle royale games like PUBG, Fortnite, Call of Duty, and CSGO allow players to interact with each other using voice and text messages. This communication channel enables players to devise strategies against their in-game enemies. Game monitoring systems not only keep a tab on their users’ activity inside the game but also on the conversation that happens between two or more accounts.
The conversions consist of text, videos, and voice notes shared between two or more contacts and are a “user only” function. However, some game developers (approximately 25%) also gather data from them. Game creators are constantly concerned that threat actors and hackers could take advantage of the data stored on servers and backups, negatively affecting the lives of millions of gamers. Moreover, hackers can use social engineering methods to contact the friends and family members, which could lead to an endless cycle of data thieving.
How can game data be used against gamers?
Most online video games collect aggregate data on the players, including the time, spent playing the game, their rankings, affiliated groups, friends list, and even the things they generally do while playing the game. This data is then used to provide a better gaming experience, including lowering the difficulty level and adding the players’ elements/objects of interest.
However, concerns arise over this data as it can be used outside of virtual life as it collects data points that describe players’ real-life identities, including their gaming habits, gaming hours, online preference, and much more. This data is then bundled and sold by 78% of video game developers to outside parties.
Here is a quick look at the user data stored by famous game developers and what percentage of data they use.
Rank | Developer / Account needed | Example Game that uses this account | Percentage data points stored per game |
1 | Riot Account | League of Legends | 81% |
2 | Rockstar Games Social Club Account | GTA Online (GTA V) | 75% |
3 | Microsoft Account | Minecraft | 74% |
4 | EA Account | APEX Legends | 68% |
5 | Square Enix Account | Final Fantasy XIV | 68% |
This data is highly sensitive as it allows companies and marketing firms to create personalized ads for users and even campaigns that market a particular plan. A prime example of this can be seen in the Chinese social credit systems, where the Chinese Communist Party (CCP) uses data points to keep a tab on citizens’ behavior and how they respond to situations, including offline and online events.
In a hypothetical setting, a particular government may use the information gathered by gaming businesses to analyze data points to examine a citizen’s social behavior and degree of trustworthiness.
This information can be used to limit a citizen’s influence on society, for example, by restricting credit opportunities for these people or by capping their international travel. Even if this possibility is purely speculative, there is a probability that some communist countries would adopt this system of citizen evaluation to prevent any potential harm to the regime beforehand.
Gaming companies that collect data
TechRobot listed the names of a few game developers that collect data from their users. Based on this research, the gaming companies collect data including user name, date of birth, device configurations, gaming activity, media exchanged between two or more players and other data that should be ethical and protected. Usually, these companies share their data policies on their website, which contains how and where the data is being used.
Rank | Developer / Account needed | Percentage of data points collected per developer |
1 | Riot Account (League of Legends, Valorant) | 81% |
2 | Rockstar Games Account (GTA Online, Red Dead Redemption 2) | 75% |
3 | Microsoft Account (Minecraft) | 74% |
How to protect online gaming data?
Gaming companies use different metrics to segregate the data collected from users. This data can be used by the gaming company or sold to other companies for marketing purposes. Some companies also use this data to fix their algorithms and difficulty levels for the players.
Online games like PUBG, COD: Mobile, and Fortnite release new seasons and patches with every update. These updates aggregate the fixes and new features employed by the developers — derived from the user experience and data points collected from the players.
Moreover, each new update comes with better features, fresh content, and designs to keep the players engaged with their game. Interestingly, these things are also created with the data collected by the user during their entire gameplay sessions.
As game developers aim to collect more data about users, the possibility of that data being exploited increases simultaneously. Though the data is helpful for developers to improve the in-game experience, the hackers are equally interested in it because it serves their purpose as well.
Online gamers can avoid the data trap using various mitigation techniques to limit what data companies can collect from players—for example, VPNs and reading users’ privacy and data policy. Though there is no instant fix for how companies collect data from gamers, there should be a central authority over how these companies operate and what data is required by the company.
By checking gamers’ data, governments can prevent future breaches and possibly mitigate them through combined efforts from cybersecurity companies and national and international authorities.