Transparency in Esports: A Legal Perspective on Data Trading in Germany and the EU

Data Trading: An Introduction

Picture yourself as an esports athlete who frequently joins tournaments and competitions. Whether you are a part-time professional or full-time professional, it does not make any difference. What remains is that it is the tournament organizer’s duty to supervise the game in order to prevent any cheating by teams or players using bots or comparable tactics. The tournament organizer manages the game’s data streams to achieve this. Up to now – all is well. However, what happens with the data after the tournament ends?

Information from esports events and competitions, such as statistics and performance metrics of esports players, are transmitted by tournament hosts like Riot Games to several analytics firms. Data analysts such as Bayes Esports or Splunk assess and organize the data. Afterwards, they make it available for purchase for different end-customers. Betting providers find the data especially intriguing as they can use it to determine their betting odds.

This article examines data trading in esports and offers a legal perspective overview on the topic. The article ends with useful advice on how stakeholders can lawfully protect data exchange.

Data Trading in Esports

The most important point – when it comes to data trading in esports – is the finding that trading data in Germany and Europe is permitted. Trading with personal data, which is specially protected under the GDPR, is also permitted.

“The trading of data in Germany and Europe is generally permitted!”

Tournament organizers process not only the performance data of esports athletes but also their personal data such as name, date of birth, account name, etc. All these data are personal data, which means that the organizers are subject to the obligations of the GDPR. In addition to the tournament organizers, usually the organizations of the esports athletes (clubs/clans) are collecting data, too. They analyze and evaluate the performances of their team members for training and practice purposes and employ data analysts for this. More often than not, health data such as heart rates is recorded as well. Notably, health data belong to the category of special personal data and are therefore particularly in need of protection.

Data Protection in Esports

As legal entities responsible under the GDPR, organizers and organizations are subject to various data protection obligations. For example, they may only process the data for the purpose for which it was originally collected – exceptions included. If tournament organizers collected the data for monitoring and control purposes, this purpose would cease at the end of the tournament. This would mean that the data sets would have to be deleted, making their transfer to data analysts not permissible.

Responsible parties must also ensure that the data is protected from unauthorized access, such as hacker or cyberattacks.

Furthermore, in the context of data trading, the information obligations according to Articles 13 and 14 GDPR must be observed. Accordingly, responsible parties must make certain information available for identification and contact options when they want to store, process, and pass on data. This information is regularly contained in the privacy statement. It is also important in this context that third parties to whom the personal data is passed on must actively inform the esports athletes about the data processing and fulfill the information obligations under the GDPR. That is the legal situation, even if practice looks different.

The Problem

The exchange of data of esports players has been a common practice in the industry for a long time, despite being rarely discussed openly. And the indiscriminate sharing of information presents a significant possibility of misuse. The issue lies in the fact that many esports athletes do not perceive this risk yet, resulting in it not being recognized as a major threat. For instance, a soccer player must consider physical (and mental) injuries throughout their career, while in esports, it is one’s own data sovereignty that is at risk. he potential for big data analysis, artificial intelligence, and quantum computers to exacerbate these injuries in the future becomes a marginal note.

This lack of knowledge, commonly seen among organizations as well, results in data trading frequently not being fully addressed in contracts. This mainly impacts the agreements between esports players and teams. Merely including promises to adhere to the GDPR is no longer enough on its own. Esports players should ensure control over their personal data. In addition to strict regulations on data security and protection, licensing agreements for using performance data are also necessary. Since the majority of contracts either lack regulations on sharing performance data or have insufficient ones. In simple terms, the outcome is that the esports athletes are relinquishing their assets.

“The majority of contracts do not regulate the sharing of performance data adequately or at all!”

The Gaps in Contracts

A seamless chain of contracts is therefore essential for organizations, tournament organizers, data analysts, and betting providers as end consumers. If the organization did not grant the permission to transfer the data to event planners or data experts (sub-license), there would be legal issues with the data. This implies that the company would be marketing data that cannot be shared because of the absence of sub-licensing. This legal issue would affect all stages of the value chain. In the final analysis, data analysts and betting providers would lack permission to use the data of the esports athletes.

For the organizations, the tournament organizers, the data analysts, and the end consumers, using someone else’s data without the right to do so can have unpleasant consequences, which can lead to claims for damages.

What Needs to Be Done

Esports athletes should examine their contracts to protect their data sovereignty. This pertains to protecting data and particularly to sub-licensing. It should be taken into account to make the permission for transferring and trading the data conditional on additional payment. The same rules also apply to the organizations. They need to verify if they have any financial ties to the data sales of their esports athletes or if they could potentially be tied to them. It is necessary to include suitable clauses in the agreements between the company and the event planner and the data experts if they are not already included.

It is important for betting providers to carefully examine the contracts with data suppliers to confirm that the information about esports athletes can be legally sold. If not, data owners could potentially seek compensation and information requests as stated in Article 15 of GDPR.

The trading of data in esports is daily business. Now, it is necessary to put data trading on legal feet. For esports athletes and organizations, this means focusing more on the risk of data misuse than before and signing licensing agreements to participate in the sales revenue of the data.