Terms and conditions form a contract between the games publisher and the player. They deal with the conditions on which the game is supplied, limit the publisher's liability and cover data protection and consumer protection compliance, and may also deal with regulatory issues around in-game currencies.

There are a number of challenges with providing the legally required information to players in such a way that it is legally binding, particularly when a game is being supplied on a small screen.

Game publishers will need to ensure they have the following:

End User Licence Agreement (EULA)

The EULA is a contract with the players setting out rules on how they may use the game together with other provisions covering things like the publisher's liability, intellectual property and rules on user-generated content. In the context of app games, publishers often rely on a default EULA such as the ones provided by Apple and Google, rather than supplying their own. This can, however, leave them exposed as these types of agreement are geared more towards protecting the platform provider than the game publisher.

Privacy and cookies policy

The processing of personal data and the placing of cookies on devices are regulated. Publishers will need to include privacy policies and a cookie policy (if using cookies) to explain to players what is happening to any personal data they provide, to explain what cookies are being dropped and to get user consent where required.

Many games collect and process personal information. Some of this will fall into categories of information that are considered "sensitive" and which need additional security if processed, for example, login credentials, registration and financial information.

The value of player data has soared and publishers collect, use and share information on a significant scale across an increasingly connected network of devices and players. The type of data collected may include personal contact details, certain device information and details obtained from gameplay and tracking online habits. When games are played in the Cloud, allowing players to switch seamlessly between devices mid-game, the amount of data collected increases further. The ability to consume, analyse and utilise this data brings enhanced value to businesses and convenience to players but also, inevitably, raises privacy concerns as much of this data will be personal data, the collection and use of which is regulated.

It is important for businesses in the games industry to ensure privacy compliance, not only to comply with legal obligations, but also to build and maintain player trust and protect investor value. Non-compliance can trigger negative PR, brand damage and regulator enforcement (including prosecution and, in the case of serious breaches, fines). Data losses can also generate headlines in the mainstream press, as we saw with Sony.

Key legal considerations:

Transparency about data use

It is essential to be upfront with players about what personal data is being collected and what it is being used for, including whether it is being shared with third parties or transferred out of Europe. This is usually done in a privacy and cookies policy (see below).

Valid player consent

In many cases it is likely that consent will be needed to justify the use of players' personal data. Publishers will need to consider how to achieve this effectively, particularly in games targeted at children where it is necessary to show that the player is capable of understanding what is being asked of them.

Notification to the ICO

Most publishers will need to notify the Information Commissioner's Office (ICO) of the personal data which is being collected and used, and who it is being shared with. Failure to do so where required is a criminal offence.

Transferring personal data outside Europe

A publisher will need to take one of a number of possible compliance steps to ensure the personal data is protected if it is transferred outside Europe. This can include using EU-approved 'model clauses' or getting approval to the transfer from the ICO.

Security

Data risks must be assessed and reviewed on an ongoing basis. Failure to address these risks can attract harsh penalties and reputational damage.

For more, see section on 'Leveraging player data' in the TW Play Guide.

Other considerations:

Consumer protection rules

Another heavily regulated area is consumer protection. New rules require providers of downloadable digital content to get the user to specifically acknowledge that it has been supplied to them and that this voids their cancellation right (otherwise standard cancellation rights will apply). Consumer rules also require certain specific information to be provided to players at various stages of any purchasing process.

In-game purchases

It is very important to make it clear to players at the outset if in-game purchases are available, all the more so if game experience depends on making them. In addition, particular care must be given when explaining this if the game is directed at children. Being upfront and transparent is key (see section in TW Play Guide on 'Advertising and promotions' for more detail).

In-game currency

As covered previously, in-game currencies may raise regulatory issues and the terms and conditions will need to adequately reflect these.

Enforceability

It is not enough to have terms and conditions buried somewhere deep in the game. Players need to be presented with clear terms and conditions at the right time in the process if the terms are to be enforceable. An example of where this is particularly important is when capturing consent both to the EULA and to the privacy and cookies policies.

Depending on the way the game is distributed, there will be different appropriate ways of making sure terms and conditions are enforceable and that user consent is obtained. Where boxed copies of console games are sold, the traditional 'shrink wrap' approach where the small print is available within the box remains common. In other situations, the ideal way to do achieve enforceability is to present the various terms and conditions at the outset and provide acceptance tick boxes. This is not always practical, particularly on small screens and consumer law does provide that, where there is limited space to display all the required information, only certain details (such as the price of the game or the cost of in-game purchases) must be provided upfront with the rest of the information supplied in "another appropriate way", for example through a link to a web page.

Where space is limited, a cautious but pragmatic approach is often for the game provider to:

  • have its own EULA (rather than any default version from the relevant app store) and privacy policy;
  • make both sets of terms available via a link on the download page (clearly entitled "End User Licence Agreement" or, better still, "End User Licence Agreement - Please read"); and
  • include appropriate wording to obtain agreement from the player.

Certain information disclosure requirements as part of the purchase process for games or in-game purchases fall squarely within the remit of the platform providers like Apple with its App Store and Valve with its Steam Store, rather than the publishers. This is because it is the platform providers which process the payments from players and interface with them rather than the game publisher.