Gaming and personal information: playing with privacy
Revised: May 2019
The way we play video games has changed radically since the days of cartridge- and disc-based gaming. Most major games are now downloadable, wholly virtual and constantly connected. We now regularly play games with people around the world on a multitude of devices.
If you are one of the millions of Canadians who enjoy playing online video games, take a moment to understand the potential privacy risks and what you can do to help safeguard your profiles.
On this page
- Personal information and gaming
- Setting your privacy controls
- How gaming profiles connect to other networks
- Collecting your personal information without consent
- Online impersonation
- Who can access your profile and list of friends?
- Gaming companies sharing your personal information
- Deleting your personal information
- Additional reading and resources
Personal information and gaming
In order to enable – and sometimes even fund – these multiplayer experiences and administer a network of contacts and interactions, companies need (and want) to collect more personal information from consumers. It is also common for your gaming network profile to be tied to wider online social network sites.
And while scoring points and unlocking new worlds may be the name of most games, privacy shouldn’t be an afterthought. You should take seriously how information is collected, shared and used by everyone in the gaming ecosystem.
What kind of personal information do gaming companies collect through online gaming? The answer is everything from names, addresses, credit card information for billing purposes, email and IP addresses, feedback rankings from others, digital images and personalized profiles.
Why games collect personal information
You often need to provide personal information to access gaming services. To create an online account, gaming companies often require your name, mailing address, email address and date of birth. They may also ask for and store payment information for in-game purchases. Companies often automatically collect some geographical information to offer you the closest server as well as players in similar time zones to play with.
For online gambling games, gamers will also be asked to confirm they are of legal gambling age. To wager actual money, gamers will also need to make a deposit and provide financial information to arrange for payment.
It’s a good idea to create an email address just for gaming so you will quickly know if a gaming service is using your information inappropriately. If a gaming-only email address receives an email, you’ll know who shared it without permission.
Setting your privacy controls
The choice given to gamers around privacy controls depends greatly on the gaming platform, companies involved and features of the game itself. Some platforms offer exhaustive and detailed controls, while others provide only one or two choices.
- For simple, single-player games there could be limited or extensive collection of information in order to serve ads to you while playing
- Large, multiplayer environments may require considerable personal information - including your preferences about how you communicate with other gamers
- On the other hand, they may allow you to play relatively anonymously with a quick sign-up involving a username, password and email address
Are there trade-offs for stricter settings?
There may be. In more sophisticated gaming environments, you can often set your privacy settings very restrictively so that no one can see your personal details except the game company itself. This level of security is not very conducive to multiplayer gaming or the social aspects of the online experience. As a result, many gamers choose less restrictive settings.
Similarly, some games ask permission to access your device’s camera, microphone or location data in order for the game to function properly. It may be appropriate to allow access while playing, but you should have the ability to turn off access when not.
How gaming profiles connect to other networks
Gaming consoles and networks let gamers tie their gaming activities to other social media such as Facebook, YouTube or Twitch. This means gamers can update their status and messages from within the game itself.
Further, many gamers now stream their gaming via video streaming services. This allows anyone with the right URL to watch your game as you play or, if you have cameras linked in, actually watch you play the game, wherever you are.
Linking gaming profiles to other networks
Linking with other networks allows gamers interested in playing online with friends to notify them easily when a game session is about to start, regardless of the time or their location.
If you synchronize your gaming and social sites, read the associated privacy policies and user agreements carefully to make sure you understand what information the two platforms will exchange. If you’re not comfortable, don’t sync them. You can also adjust your privacy settings to limit the amount of information shared.
Game streaming has become big business. Some professional gamers now make significant money by building up followers on streaming platforms. Before you head in this direction, make sure you understand how information is shared and who has access to your streams and when.
Finally, gaming companies often use the personal information they collect to:
- determine the kind of gaming content you might be interested in
- assist advertisers in targeting their in-game advertising
- offer player matchup services (to find gamers with similar skills or play against another gamer nearby)
This data may be in the form of “aggregate” information. On its own, aggregate information describes the habits, usage patterns and demographics of gamers as a group, but does not describe or reveal the identity of any particular user.
A wider privacy concern arises when game profile data within one platform - such as network registration information, is linked to other personal information such as the user name and password from a social media account. Make sure you understand how linking data of this type for convenience makes user profiling much easier. See our Guidelines on Privacy and Online Behavioural Advertising for more details.
When you register for a gaming service for the first time, the service will likely ask you to establish a profile. The game usually requests access through an interface or a form that allows you to provide some information and set some personal preferences. The game usually presents privacy settings at this stage, and requests consent for the gaming service to collect and store your personal information.
Collecting your personal information without consent
In Canada, gaming companies need to obtain meaningful consent from players if personal information is being collected, used or disclosed.
This can be challenging, however, when it comes to children who play games online. Many adults don’t understand what’s happening behind their computer screens – we certainly can’t expect children to appreciate fully how their personal information is being collected and used.
Parental control and valid consent from children and youth are among the main privacy issues with online games. Our office believes that children under 13 can’t usually provide valid consent. If gaming services believe a child to be under 13, they need to request consent from a parent. Then, after registration, the parent should have options to control:
- their child’s access to content
- ability to chat with other account holders
- how personal information will be shared
No gamer wants their account to be taken over and companies actively try to minimize this risk. But whenever you use personal information to establish a virtual presence or online identity, there is risk for abuse. There are, for example, high-profile cases in which online gaming accounts were taken over or blocked by virtual competitors.
Safeguarding your profile
Given that personal information or financial details are often part of gaming profiles, it is best to use:
- strong passwords
- multi-factor authentication (where available)
- HTTPS (Hypertext Transfer Protocol Secure), a web application option that will encrypt personal information and in-game communications as it travels across the web
- restrictive privacy settings
- minimal personal information of a sensitive nature (for example, your home address, school or work-related details)
If permitted in a game’s terms of service, you can also adopt a pseudonym or nickname. But remember: if you use the same pseudonym across a number of games or social platforms, people may be able to identify you more easily.
Also, be careful when clicking on links within in-game chats, especially if you don’t know the other gamer in real life – they may be phishing attempts.
Who can access your profile and list of friends?
Each console system or game company will have different privacy defaults and options. These settings and the way you use them will determine how much information another user can see about you and your contacts.
That said, when you establish and use contact lists and online friends’ information, be aware that you may expose personal information of other individuals if you do not manage your own privacy settings carefully. Because profiles are like online business cards, they are easily traded, and other people’s information can often be exposed with a single message.
Gaming companies sharing your personal information
Gaming companies may share your information quite broadly. The companies may disclose personal information in order to:
- comply with the law
- monitor disruptive behaviour
- resolve service problems
- further game development
- ensure payment
- allow communication between individual gamers
- provide participants with advertising and promotional information
The list of third parties may include:
- individual programmers under contract (anywhere in the world)
- financial institutions
- online hosting or distribution services
- call centres for technical and gaming support
- Internet service providers
- law enforcement and other state agents
Gamers should make sure the console company or gaming service sets out specific terms about accountability and safeguards for personal information in their Terms of Service agreement. Seeking consent or providing notice to consumers is also very important. Gamers should also take note if a company contact is specified.
Some gaming companies state that they do not take responsibility for personal information transferred to third parties and cannot guarantee a comparable level of protection if information is processed by a third party in another country, for example. Most gamers have limited knowledge about the scope of disclosure of personal information to third parties.
Who else can access your in-game communications?
Once you set up a personal account within a gaming network and post a profile, you will be able to send messages or even chat live to others playing the same game. For some mobile consoles and games, this element is one of the most popular features. You might be able to communicate through email or chat, or via a microphone, both inside and outside the game.
These communication functions are not critical to most game play. Your privacy settings should allow gamers to block certain other gamers or close down communications entirely if there are problems. Most services also encourage gamers to report incidents immediately if another user is harassing or abusing other gamers.
Deleting your personal information
Some privacy policies have no provisions regarding data retention, deleting personal information or deactivating accounts. This means gamers no longer playing a game online may close their account, but still have personal information both online and with gaming corporations.
Canada’s private sector privacy law says companies must ensure they have proper methods for disposing of personal information they no longer require. See our Personal Information Retention and Disposal Principles and Best Practices guidance for more information on companies’ obligations.
Additional reading and resources
- Russell, Cameron; Reidenberg, Joel; Moon, Sumyung. Privacy in Gaming (2018). Fordham Law Legal Studies Research Paper.
- Tripwire – A Checklist for Online Gaming (2018)
- Pew Internet & American Life Project, Online Gaming (2018)
- Ensign, Emily; iKeepSafe.org. How Online Gaming Impacts the Privacy of Students (2018).
- Date modified: