Language selection


Gaming and personal information: playing with privacy


If you are one of the millions of Canadians who enjoys playing video games – whether on a console, PC, or phone – take a moment to understand the potential privacy risks and what you can do to help safeguard your personal information while gaming.

On this page

What gamers should know

Know the risks, so that you can upgrade your armour.

Risks include:

  • Your personal information may be shared broadly with third parties
  • Gaming and social sites may exchange your personal information
  • Someone may attempt online impersonation

Use this real-time strategy to defend your position:

More tips to level up your protection:

  • Create an email address just for gaming
  • Use a nickname

Personal information and gaming

In order to enable – and sometimes even fund – these multiplayer experiences and administer a network of contacts and interactions, companies need (and want) to collect more personal information from consumers. It is also common for your gaming network profile to be tied to wider online social network sites.

And while scoring points and unlocking new worlds may be the name of most games, privacy should not be an afterthought. You should take seriously how information is collected, shared and used by everyone in the gaming ecosystem.

What kind of personal information do gaming companies collect through online gaming? The answer is everything from names, addresses, credit card information for billing purposes, email and IP addresses, feedback rankings from others, digital images and personalized profiles.

Why games collect personal information

You often need to provide personal information to access gaming services. To create an online account, gaming companies often require your name, mailing address, email address and date of birth. They may also ask for and store payment information for in-game purchases. Companies often automatically collect some geographical information to offer you the closest server as well as players in similar time zones to play with.

It is a good idea to create an email address just for gaming that is forwarded to your primary email address so that you will quickly know if a gaming service is using your information inappropriately. If a gaming-only email address receives an email, you will know who shared it without permission.

Setting your privacy controls

The choice given to gamers around privacy controls depends greatly on the gaming platform, companies involved and features of the game itself. Some platforms offer exhaustive and detailed controls, while others provide only one or two choices.

  • For simple, single-player games there could be limited or extensive collection of information in order to serve ads to you while playing
  • Large, multiplayer environments may require considerable personal information - including your preferences about how you communicate with other gamers
  • On the other hand, they may allow you to play relatively anonymously with a quick sign-up involving a username, password and email address

Are there trade-offs for stricter settings?

There may be. In more sophisticated gaming environments, you can often set your privacy settings very restrictively so that no one can see your personal details except the game company itself. This level of security is not very conducive to multiplayer gaming or the social aspects of the online experience. As a result, many gamers choose less restrictive settings.

Similarly, some games ask permission to access your device’s camera, microphone or location data in order for the game to function properly. It may be appropriate to allow access while playing, but you should have the ability to turn off access when not. See our tips for using privacy settings to learn how to adjust yours.

How gaming profiles connect to other networks

Gaming consoles and networks let gamers tie their gaming activities to other social media such as Facebook, YouTube or Twitch. This means gamers can update their status and messages from within the game itself.

If you decide to stream your gameplay, anyone with the URL will be able to view it. If you have cameras linked in, they can actually watch you play the game, wherever you are.

Linking gaming profiles to other networks

Linking with other networks allows gamers interested in playing online with friends to notify them easily when a game session is about to start, regardless of the time or their location.

If you synchronize your gaming and social sites, read the associated privacy policies and user agreements carefully to make sure that you understand what information the two platforms will exchange. If you are not comfortable, do not sync them. You can also adjust your privacy settings to limit the amount of information shared.

Game streaming has become big business. Some professional gamers now make significant money by building up followers on streaming platforms. Before you head in this direction, make sure that you understand how information is shared and who has access to your streams and when.

Finally, gaming companies often use the personal information they collect to:

  • determine the kind of gaming content that you might be interested in
  • assist advertisers in targeting their in-game advertising
  • offer player matchup services (to find gamers with similar skills or play against another gamer nearby)

This data may be in the form of “aggregate” information. On its own, aggregate information describes the habits, usage patterns and demographics of gamers as a group, but does not describe or reveal the identity of any particular user.

A wider privacy concern arises when game profile data within one platform - such as network registration information, is linked to other personal information such as the user name and password from a social media account. Make sure that you understand how linking data of this type for convenience makes user profiling much easier. See our guidelines on privacy and online behavioural advertising for more details.

Where is the privacy policy?

When you register for a gaming service for the first time, the service will likely ask you to establish a profile. The game usually requests access through an interface or a form that allows you to provide some information and set some personal preferences. The game usually presents privacy settings at this stage, and requests consent for the gaming service to collect and store your personal information.

The privacy policy is generally provided for review on screen or as a hyperlink. You may also have an opportunity to review the privacy policy when you set up features for a console or device to connect with a wireless network.

Privacy policy information can be very helpful for finding out what information is gathered through the game console, where it goes, how it gets used and who to contact if you have a problem or question. To learn more: see our advice on what to consider when reading a privacy policy.

Collecting your personal information without consent

In Canada, gaming companies need to obtain meaningful consent from players if personal information is being collected, used or disclosed.

This can be challenging, however, when it comes to children who play games online. Many adults do not understand what is happening behind their computer screens – we certainly cannot expect children to appreciate fully how their personal information is being collected and used.

Parental control and valid consent from children and youth are among the main privacy issues with online games. The OPC believes that children under 13 cannot usually provide valid consent. If gaming services believe a child to be under 13, they need to request consent from a parent. Then, after registration, the parent should have options to control:

  • their child’s access to content
  • ability to chat with other account holders
  • how personal information will be shared

Online impersonation

No gamer wants their account to be taken over and companies actively try to minimize this risk. But whenever you use personal information to establish a virtual presence or online identity, there is risk for abuse. There are, for example, high-profile cases in which online gaming accounts were taken over or blocked by virtual competitors.

Safeguarding your profile

Given that personal information or financial details are often part of gaming profiles, it is best to use:

  • strong passwords
  • multi-factor authentication (where available)
  • restrictive privacy settings
  • minimal personal information of a sensitive nature (for example, your home address, school or work-related details)

If permitted in a game’s terms of service, you can also adopt a pseudonym or nickname. But remember: if you use the same pseudonym across a number of games or social platforms, people may be able to identify you more easily. You might want to avoid nicknames that might infer your age or location, like “EdmontonDude2002.”

Also, be careful when clicking on links within in-game chats, especially if you do not know the other gamer in real life – they may be phishing attempts. For more information, see our advice on identity theft.

Who can access your profile and list of friends?

Each console system or game company will have different privacy defaults and options. These settings and the way you use them will determine how much information another user can see about you and your contacts.

That said, when you establish and use contact lists and online friends’ information, be aware that you may expose personal information of other individuals if you do not manage your own privacy settings carefully. Because profiles are like online business cards, they are easily traded, and other people’s information can often be exposed with a single message.

Gaming companies sharing your personal information

Gaming companies may share your information quite broadly. The companies may disclose personal information with

  • law enforcement and other state agents to comply with the law
  • technical and gaming support call centres to resolve service problems
  • gaming programmers and researchers to further game development
  • online hosting or distribution services to allow communication between individual gamers
  • financial institutions to ensure payment
  • advertisers and marketers to provide participants with ads and promotions

Gamers should make sure the console company or gaming service sets out specific terms about accountability and safeguards for personal information in their Terms of Service agreement. Seeking consent or providing notice to consumers is also very important. Gamers should also take note if a company contact is specified.

Some gaming companies state that they do not take responsibility for personal information transferred to third parties and cannot guarantee a comparable level of protection if information is processed by a third party in another country, for example. Most gamers have limited knowledge about the scope of disclosure of personal information to third parties.

Who else can access your in-game communications?

Once you set up a personal account within a gaming network and post a profile, you will be able to send messages or even chat live to others playing the same game. For some mobile consoles and games, this element is one of the most popular features. You might be able to communicate through email or chat, or via a microphone, both inside and outside the game.

These communication functions are not critical to most game play. Your privacy settings should allow gamers to block certain other gamers or close down communications entirely if there are problems. Most services also encourage gamers to report incidents immediately if another user is harassing or abusing other gamers.

Deleting your personal information

Some privacy policies have no provisions regarding data retention, deleting personal information or deactivating accounts. This means gamers no longer playing a game online may close their account, but still have personal information both online and with gaming corporations.

Canada’s private sector privacy law says companies must ensure they have proper methods for disposing of personal information they no longer require. See our Personal Information Retention and Disposal Principles and Best Practices guidance for more information on companies’ obligations.

Date modified: