Player Privacy: Ensuring a Secure Gaming Experience for Every Generation
Player Privacy: Ensuring a Secure Gaming Experience for Every Generation
At Tilting Point, we have a portfolio of 80+ live games that are played by over 40 million monthly active players across the globe every day. We couldn’t have achieved such wide distribution if our players didn’t trust us, and it’s of the utmost importance to us that we have earned and continually deserve that trust. So our players’ privacy, safety and security are always top priorities for our entire team.
We also pride ourselves on making games players love with some of the world’s most well known and beloved brands, ranging from James Bond, Star Trek and Godzilla to Avatar: The Last Airbender, SpongeBob SquarePants and so many more. As a result of this diversity, our player base is wide and varied, spanning countries across the globe. And even though our games are not specifically made for or targeted to children, some of the properties involved are interesting to younger audiences, so the age range of our players can vary as well.
For all those reasons, we have taken specific steps as a games publisher to ensure the privacy, safety and security of all players, regardless of age or where in the world they are playing. We have a multi-pronged approach to maintaining this responsibility, and below we will share some of the most important considerations which could help other publishers or developers choose the optimal protocols for their own privacy frameworks.
Privacy Regulations Around the World
If your game has an international player base, as Tilting Point’s games do, you’ll already be facing a host of complex requirements. With an increasing number of nation-specific privacy regulations across the globe, complying with each and every law separately can require significant oversight, and fines for not properly complying with their laws can be exceedingly high in some countries. If you don’t have sufficient resources to analyze and implement the privacy rules of each jurisdiction that is relevant for your company, you may consider focusing primarily on regulations that represent the most stringent standards, which may serve as an “umbrella” for other less strict rules. Many privacy laws have basic principles and requirements in common, even if there are some important local differences that you should acknowledge.
When Children Want to Play Our Games
Protecting our younger players is of paramount importance to Tilting Point, and it’s because of this that we sought a direct partnership with PRIVO. PRIVO is an independent, third-party organization and FTC approved COPPA safe harbor which supports companies to ensure they are safeguarding children’s personal information collected online. PRIVO supports us in complying with the Children’s Online Privacy Protection Act (COPPA). COPPA is a law that ensures that parents and their children exercise control over personal information while using online services. PRIVO began assessing the compliance standards of our apps in 2023, and will continue certifying them over the coming months.
In PRIVO’s program, games are subject to a lengthy and robust process which involves assessments, tracking scans, analysis and findings, and risk reports. Third parties and service provider implementations, game features and functionality are reviewed to ensure there is only compliant collection and disclosure of data. Once the stringent compliance standards are met, PRIVO awards participants its COPPA Safe Harbor certification and Seal.
Right now, many countries consider any player under the age of 16 to be a child, which is soon becoming even more stringent in certain places where that age threshold is expected to rise to 18 (for example, see the Age Appropriate Design Code in CA; this is already the case in the UK). For developers making games with broad audiences, it’s important to determine whether a game is targeted towards children or made for mixed audiences (like some of Tilting Point’s games, which are designed for older users but attract children). The legal obligations of each differ and may have an impact on revenue — from parental consent to engaging different vendors for ads, customer support, analytics and more.
Age-Gating and Consent Boxes
Not all games need an age gate, and it may have a negative effect on the game’s User Acquisition (UA) and user experience if not applied properly. But if your game does require the age gate, there are ways to implement it effectively, and to provide a restricted but enjoyable & seamless experience for younger users that doesn’t involve tracking and profiling.
It’s important to conspicuously show your privacy policy and terms & conditions, and to ask older users for personal data collection/processing/sharing permission when necessary or appropriate. Depending on the jurisdictions you serve, you should decide which approach is more appropriate: opt-in (meaning your players need to affirmatively provide their consent for specific data collection) or opt-out (e.g. the consent box is “pre-ticked” and if players do not want to provide their consent, they should unclick the box).
Working with Ad Networks
When partnering with ad networks, all documentation presented by them should undergo a thorough review process to ensure a clear understanding of the roles and responsibilities of each party. In particular, you must determine which personal data gets collected in the game and how the ad network treats such data. Depending on the age group and consent mechanisms, some of your users may see only contextual ads, while others will be allowed to be served with targeted/behavioral advertising. Also, caution is advised with respect to the types of ads served to different age groups — which is why you ought to provide clear instructions to your ad partners.
You should find a reliable representative/partner within the ad network to help whenever necessary, as there are always times when their internal processes need to be clarified quickly. On a set schedule, it’s also recommended to do Quality Assurance (QA) on all ads, to confirm they are appropriate and ultimately shown to players per the relevant criteria.
Setting Expectations With Developer Partners
There’s no such thing as too much communication about privacy, safety and security (or oversight of its execution) when working with developer partners. It’s crucial to provide clear guidelines on what can be safely implemented in each game, to get a clear list of and approve each Software Development Kit (SDK) used by the developer, and to always have access to code in case of need for an internal review. Being explicit about your requirements for each game, and sharing essential privacy rules that you and all your partners should follow, is always helpful in making sure all parties are aligned about privacy & security expectations and goals.
These are some of the top considerations for keeping players and their information private, safe and secure, but there are always new developments, and we would love to hear your thoughts on the information we’ve provided. Please feel free to comment, or to share any questions on Tilting Point’s social pages — X, Facebook, YouTube — to keep the conversation about player safety going. And if you are interested in working more closely with Tilting Point on making your games certified safe for all audiences to enjoy, reach out to us at our website!
Tilting Point is a leading free-to-play game publisher, recognized at #10 in PocketGamer’s annual list of the World’s Top 50 Mobile Game Makers. Through strategic partnerships and multiple acquisitions, Tilting Point has amassed over 80 game titles under one roof. Its world-class portfolio features some of the most recognizable licensed IP titles, including SpongeBob: Krusty Cook-Off, SpongeBob Adventures: In a Jam, Star Trek Timelines, Barbie Dreamhouse Adventures and Cypher 007. With the video game industry poised to resume its rapid growth, Tilting Point is currently executing on a robust content acquisition strategy, while simultaneously developing a powerful next-gen cross-promotion platform to drive user acquisition and create a direct relationship with the world’s gamers.
