Localising terms for all 28 European Union Member States is, of course, time consuming and raises practical issues. Our experience is that many games businesses focus on the top X markets in Europe (X may commonly be 5, or more, but rarely 20+), and develop terms that comply with the local laws in those markets. Often, it makes sense to provide local translations of the respective terms anyway.
Contracts for games development and publishing need to balance interests between the parties involved. The particular circumstances for the several platforms such as PC, consoles and mobile devices have to be kept in mind. New rules have been introduced in European Copyright Law in 2019 by the Directive on Copyright in the Digital Single Market, such as a binding principle of appropriate and proportionate remuneration, and transparency on revenues.
The General Data Protection Regulation (GDPR) harmonises data protection across Europe although several aspects remain in the national legislation via flexibility clauses (e.g. processing in employment context). GDPR builds on some existing principles, it also contains extended and new obligations regarding data processing as well as extended rights for data subjects. Most importantly, fines have drastically increased.
In addition, special national regulations must be observed due to the flexibility clauses contained in the GDPR (e.g. with regard to data processing in the employment context). Furthermore, the GDPR also applies to non-EU companies that operate in the EU and process data from EU citizens.
Guidance regarding the implementation of the GDPR is provided by national supervisory authorities as well as the European Data Protection Board.
The following principles are the basic principles of the GDPR
Further, games companies need to implement mechanisms to ensure that the data subjects’ rights of players (e.g. access, erasure, portability) can be exercised. Special rules apply for minors and with regard to specific “sensitive” data such as health data. Also, data retention times become a matter of higher interest recently. The transfer of personal data to recipients outside the EU requires additional legitimation, such as reliance on EU model clauses or an adequacy decision of the European Commission. In light of the most recent Schrems II decision of the Court of Justice of the European Union, the Privacy Shield is not considered granting adequate protection for data transfer to the US any longer and some may challenge the EU model clauses in that regard as well. As the value of player data, and the knowledge and awareness of European consumers about their rights increases, these issues are crucial for games businesses.
The European market is subject to “distance selling” laws that protect players in relation to purchases online. Prior and after any purchase of games, or in-game items or virtual currency, online-game businesses have to comply with numerous requirements, which include:
However, these requirements vary to a degree across the European Union Member States and so do the consequences of not meeting the respective requirements.
Further, each European Union Member State was required to give effect to the Directive on Consumer Rights (Directive 2011/83/EU) by 13 June 2014. Each country is doing so under its own legislation. This new Directive requires, inter alia, online games businesses to ensure the player, when placing an order, explicitly confirms that the order implies an obligation to pay. If placing an order entails activating a button or a similar function, the button or similar function must be labelled in an easily legible manner only with the words ‘order with an obligation to pay’ or a corresponding unambiguous formulation in the local language.
There are also new regulations regarding digital content, which will have an impact on games businesses, such as the requirement to obtain express consent and acknowledgment from players that the 14 days cooling off period will not apply after download.
The EU Directive on Digital Content has been adopted in May 2019 introduces the concept of “payment by data”, establish significant statutory warranties and retrieval of user content and user data upon termination. As the scope of this directive is broad, it will affect all online and mobile games providers selling to European customers.
If games businesses fail to comply with the legislation, which implements the Directive on Consumer Rights, it is likely that their players will not be legally bound under the relevant end user terms, which include, of course, the obligation to pay (e.g. the cost of the game, virtual items and/or currency). In Germany, for example, a games business failing to comply with the applicable consumer protection laws also could cause competent consumer protection agencies or competitors (sometimes even users) to bring action against them (following ignored or disputed cease-and-desist letters). It is therefore important that games businesses ensure the information disclosure and other requirements of the implementing legislation are complied with.
The EU-Geo-Blocking Regulation has entered into force in December 2018 and prohibits to block or limit access to online interfaces on the basis of nationality, residence or establishment of the customer, e.g. in the form of auto-forwarding mechanisms that lead to the user only being able to use a website in the version of his or her home country. The European Union Member States seem to be slow in enforcing the EU-Geo-Blocking-Regulation, even though they (like Germany, for example) may have implemented local laws to be able to enforce the Regulation. At least, fines or administrative orders, if any, seem not to be published so far.
To the extent games businesses allow players to communicate with each other/ post content or comments on the platform, such businesses run the risk of content liability. European laws do include certain defences around “hosters” and “ISPs” however the applicability of these is dependent on careful consideration in terms of operating model, particularly around moderation and notice and take-down procedures for so called host providers. According to recent case law of the Court of Justice of the European Union, internet access providers may be obliged to block content infringing copyright under certain circumstances.
Games tournaments can be subject to various legal requirements. When hosting “offline” tournaments, the host might also have to comply with additional requirements such as in respect of protection of minors (e.g. not permitting underage gaming or supplying minors with alcohol), gambling law, advertisement law and entry requirements for players.
When streaming a tournament, that streaming may under certain conditions qualify as a broadcast and be subject to a licensing requirement. The same may apply for gamers streaming gaming content on platforms like Twitch.
Recent case law in Europe has confirmed the rights of software licensees to share software, which is “sold” and software providers, depending on their licensing model, cannot prevent this. The application of these laws to games software is uncertain but possible. Technical measures can be used and cloud based games are likely to not be caught. Of course the second hand market in disc based games is long established, however the laws present challenges for providers of downloaded games and terms need to be carefully crafted.
Similar questions arise in connection with so-called key selling. German district courts ruled (one ruling being confirmed by the German Federal High Court) that the sale of isolated product keys by a third party infringed copyright and could be stopped accordingly.
Not to be confused with the regulation of issuing e-money is the somewhat less regulated world of virtual currencies (such as Bitcoin). Bitcoin, in particular, is increasingly accepted by games businesses such as Zynga, and Microsoft recently restored it as a payment option in its Xbox and Windows stores. Virtual currencies have been getting a lot of media attention, not always positive, which may scare off potential users. Any business thinking of accepting virtual currencies must consider how to manage risks including theft, fraud, exchange or marketplace insolvency, hacker attacks and money laundering as well as the risk of serious reputational damage, if things go wrong.
Along with the US and other jurisdictions, the UK government has started to consider whether regulation is necessary in this area and there is a risk that fragmented regulatory and taxation frameworks could emerge. Mainstream adoption is hindered by the overall lack of certainty in core areas and, ultimately, we expect legislation to harmonise requirements covering a range of topics, such as refunds, price guarantees, complaint handling, protection schemes and secure IT-Systems.
Publishers need to think about how they can design systems to accept virtual currencies – and how to redeem them – in an ever changing regulatory environment.
Whilst some games businesses may focus only on the key markets in which they operate in Europe, it is important to note that non- compliance can lead to criminal sanctions. As such, the in-game payment issues should be treated as higher risk.
Advertisement in Europe is regulated by several Directives such as the Directive on Misleading and Comparative Advertising and the Directive on Unfair Commercial Practices. There is a strict labelling requirement as all advertisements should be recognisable as such. Subliminal techniques are generally unlawful. Labelling should be sufficiently clear and visible. Advertising directed at children may not contain direct exhortations to purchase. Advertising should be true and not misleading and the advertiser needs to be able to show and prove that his assertions are correct. Specific advertising restrictions apply to certain media (e.g. broadcasting), content (e.g. violence or nudity) and specific products (e.g. alcohol). When using influencers on social media for advertising campaigns, advertisers may also liable for false or missing labelling by such influencers.
Influencers (and advertisers) need to be aware when, and how to disclose and label sponsored content. Recent Case law in Germany suggests that “#ad” and “#sponsored” will not be sufficiently clear.
The purchase of so-called loot boxes is currently the subject of controversial discussion, in particular, the classification as a game of chance. The Dutch and Belgian gambling supervisory authorities have classified some games (Overwatch, FIFA franchise, CS: GO, Star Wars: Battlefront II) as gambling due to the embedding of loot boxes and found that they violate the relevant gambling laws. Either the loot boxes must be removed or a gambling license must be purchased. In Germany, loot boxes are currently not seen as generally illegal. In addition to gambling law issues, questions may also arise with regard to consumer law and the protection of minors.
The above issues do not include the general additional issues that any digital business operating in Europe needs to cater for including:
There are a number of upcoming European sets of rules and events, which need to be monitored, such as