Connect with us
< All Topics

Data Protection

Data Protection – The concept of data protection designates the process of safeguarding data from unauthorized access, communication, corruption, compromission, or loss. Data protection, in its broadest meaning, can concern all kinds of confidential data, whether of an economic, business or personal nature.

The protection of data requires the implementation of various types of measures. These measures can be of a technical nature (e.g. identification and authentication of users of systems likely to access the data, use of sufficiently protective passwords, data encryption, network protection), of a contractual nature (e.g. confidentiality agreements), or even of a regulatory nature (i.e. compliance with applicable legislation).

When it comes to data protection, the top-of-mind area would be personal data protection. With regard to personal data, regulations at European level are relatively recent, whereas France, has been a pioneer nation in the protection of personal data, as the first law on this topic was adopted in 1978.

The European regulation is constituted by the General Data Protection Regulation (GDPR) 2016/679, adopted by the European Parliament on April 14, 2016 and in force since May 2018.

GDPR defines “personal data” as


any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.[1]

Under GDPR, the most protected category is “sensitive data”, which includes information related to ethnicity, religion, race, sexual orientation, or even political opinions. As a principle, it is prohibited to process this type of data, except in certain cases, notably where the user has consented to it, or if it is necessary for public interest for example[2].

Among the rules provided by GDPR, the processing of personal data shall be lawful, and transparent to the users. According to the “data minimization” principle, the data processing must be necessary and dedicated to a determined purpose. It is also mandatory to ensure that the personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed[3].

The GPDR also provides for various rights applicable to individuals whose personal data is processed.

Data privacy and the gaming industry

When applied to the gaming industry, data privacy is fundamental. Indeed, when players register online, they generally provide several personal information such as an email address, gender, age and potentially their name. Some games include in-game purchases, which imply that the players may also provide card or payment details.

The processing of this personal information implies that all stakeholders and notably game developers, providers and hosts comply with applicable regulations, and use all means at their disposal to avoid any personal data breach.


The information provided to gamers whose personal data is collected must be particularly thorough and clear, especially as it very often concerns the personal data of players who are minors, which implies compliance with specific rules.

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L 119/1, Article 4.

[2] Ibid, Article 9.

[3] Ibid, Article 5.


  • Camille Raclet

    Camille Raclet is a French lawyer. She was admitted at the Paris Bar in 2015 and works in Paris since then. She is part of the IP/IT and Personal Data Team of law Firm ADVANT Altana, as a counsel. Camille Raclet practices, as an advisor and a litigator, intellectual property law (copyright, trademarks, patents and designs). She works on all digital-related issues, in particular information technology law (drafting and negotiation of contract, assistance in the course of IT and digital transformation projects and litigation). Camille Raclet has also been practicing data protection law for years, through all types of cases and notably intervenes in case of security breaches and deals with aspects related to cybersecurity. She works with French and international clients, in various sectors of activity. Camille has obtained the CIPP/E certification (Certified Information Privacy Professional / Europe). She is also a member of French association « APRAM » (Association of Trademark and Design Law Practitioners).

Table of Contents