New Delhi: As Indian’s online gaming industry awaits the implementation of the Digital Personal Data Protection (DPDP) Act, 2023, experts have offered recommendations on crucial clarifications and potential exemptions for gaming, especially concerning parental consent, the handling of children’s data and compliance timelines for data processing restrictions.
The rules for the DPDP Act will be released soon and the implementation of the data privacy law would be “digital by design”.
The online gaming industry in the country reached an estimated market size of Rs 16,428 crore in 2023, contributing to the direct employment of more than 1 lakh people, thanks to more than 425 million gamers.
The report by the All-India Game Developers’ Forum (AIGDF), in partnership with the Indian Governance and Policy Project (IGAP), has examined specific data protection compliance requirements across categories of online games — ‘Free-to-Play’, ‘Real-Money’ and ‘Web3’ gaming.
AIGDF spokesperson Roland Landers said that DPDP Act is a landmark law for India, and its impact on the gaming industry, like other digital sectors, cannot be overstated.
Non-compliance with the DPDP Act could result in penalties as high as Rs 250 crore ($30 million), putting added pressure on Indian gaming companies, including MSMEs, to meet stringent data protection standards once the law is in effect, the report mentioned.
“The DPDP Act imposes several new compliance obligations, such as granular notice and consent requirements, on gaming companies processing personal data across categories. However, the impact of the law may vary significantly across different gaming formats,” the findings showed.
For the ‘Free-to-play’ category, compliance requirements may be significant as the target audience may include players under the age of 18, for who the DPDP Act prescribes additional obligations to data fiduciaries.
The ‘Free-to-play’ games are expected to face new challenges with implementing parental consent, data processing restrictions, and prohibitions on behavioural monitoring and targeted advertising aimed at children, all of which may fundamentally impact the business models of these games.
When it comes to ‘Real-Money Games,’ the impact may be limited. However, notice and consent requirements, along with sectoral regulations may impact KYC processes implemented within games.
The report said that interaction between the DPDP Act obligations and Web3 gaming elements such as digital avatars, blockchain, pseudonymous identities and psychophysical data is a potential grey area, leaving scope for clarification from regulators.
–IANS