Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
January 27th, 2021
Level Up: 33 Legal Tips for Game Developers and Publishers
2020 was a year of monumental change everywhere – including in the interactive entertainment world. As live events went online, more people gathered in front of screens to play, connect and consume than ever before. Developers and publishers responded with new technologies, platforms, devices, games and services. 2020 saw many game-changing legal developments – developments that will continue to affect the industry in 2021. Here’s a fast tour of the 33 legal areas all developers and publishers should keep in mind as we embark on a new year.
Legislative Updates
Here – in alphabetical order -- are the 13 hottest legislative changes we are watching.
Artificial Intelligence
The EU is contemplating comprehensive legislation to govern the development and distribution of artificial intelligence. While the details are not fixed, the package is likely to include components from three recent resolutions adopted by EU Parliament: (i) the Framework of ethical aspects of artificial intelligence, robotics and related technologies; (ii) the Civil liability regime for artificial intelligence; and (iii) the Intellectual property rights for the development of artificial intelligence technologies. The first draft of this legislative package is expected in Q1 of 2021.
Audiovisual Media Services Directive (AVMSD)
The AVMSD went into effect September 19, 2020. But as of November 2020 only 4 EU Member States had implemented it into national law (Denmark, Hungary, the Netherlands, and Sweden). The EU Commission commenced infringement proceedings and sent letters to the 23 other EU Member States and the UK requesting they reply within 2 months with updates on implementation of the AVMSD national law. Look for additional Member States and the UK to consider AVMSD implementation in 2021.
Earlier in 2020, the EU Commission released non-binding guidelines for implementation of the AVMSD, including: (i) SVOD services must ensure that 30% of film and TV titles in their catalogues are European works; and (ii) video sharing platforms (including social media sites), where the essential functionality or principal purpose of the platform is devoted to providing programs and/or UGC, must adopt measures to protect minors from harmful content and all users from content which amounts to hate speech, incites violence, or is considered criminal. These guidelines may prove useful as implementation of the AVMSD continues in 2021.
Competition/Anti-Trust
EU Digital Services Act and Digital Market Act: With an eye to updating the 20-year-old e-Commerce Directive, the European Commission announced in January 2020 that it would propose a new Digital Services Act by the end of 2020. Two legislative proposals were announced in December of 2020. The first set of proposals focuses on updating digital services providers’ responsibilities and liabilities to monitor and filter content on their platforms. The second proposal, the Digital Markets Act, seeks to limit the power of large platforms by prohibiting practices that may preference their own services. We expect the legislative process to continue through 2021 and possibly further.
Chinese Anti-Monopoly Rules: China is considering draft rules aimed at promoting fair competition in e-commerce marketplaces and payment services. China’s State Administration for Market Regulation is seeking public review and feedback before proceeding further with the draft rules. However, it appears likely that China will pursue some type of antitrust regulations focused on e-commerce in 2021.
EU Digital Content Directive
Adopted in May of 2019, the EU Digital Content Directive aims to harmonize consumer contract law across EU Member States. It creates binding requirements for contractual conditions in digital content and services agreements. In addition, companies must grant consumers comprehensive remedies (supplementary performance, termination of contract, etc.) in the event of a lack of conformity or failure to provide the content or services. The directive does not speak to damage claims, which is left for Member States to determine respectively. Member States must implement the directive into their national laws by July 2021.
EU Copyright Directive
The Directive on Copyright in the EU, which came into force in June of 2019, revises safe harbor provisions which would effectively create increased liability for OSPs. The deadline for Member States to implement into national law is June 7, 2021. Critics of Article 17 of the directive argue that it does not provide necessary minimum safeguard requirements or enforcement provisions, leaving it up to Member States and OSPs to reconcile the requirements of Article 17 (which requires a form of upload filtering) with the protections in the Charter of Fundamental Rights (freedom of expression, freedom to receive/impart information). The Court of Justice of the EU has been asked to annul the upload filter requirements of Article 17, but a decision is not expected until after the implementation deadline. As a result, Member States may have to implement legislation based on the non-binding recommendations of the European Commission and proponents of Article 17.
Privacy
EU ePrivacy Regulation: The European Union ePrivacy Regulation would broaden the scope of the current ePrivacy Directive and align the various online privacy rules that exist across EU Member States. The ePrivacy Regulation would take on board all definitions of privacy and data that were introduced within the General Data Protection Regulations -- and clarify them. The ePrivacy Regulation has yet to be “published” by the EU Commission, but it remains an item of interest that is likely to have implications in 2021.
European Electronic Communications Code: The EECC, which amends the current definition of ‘electronic communications service’, came into force on December 21, 2020. Once implemented, it will mean that the ePrivacy Directive will apply to all over-the-top (OTT) services.
EU Data Governance Act: Currently in draft form, the EU Data Governance Act aims to harmonize the availability and use of data with the hope of increasing trust in data intermediaries. The EU Data Governance Act draft proposes: (i) the conditions for re-use of certain categories of data held by public sector bodies in the EU; (ii) a notification and supervisory framework for the provision of data sharing services; and (iii) a framework for voluntary registration of entities that collect and process data made available for altruistic purposes. It is intended to create a network of trusted and neutral data intermediaries and an oversight regime comprising national supervisory authorities as well as a pan-EU coordinating body. This proposal further ensures that the EU is likely to be a hotbed of privacy-related action in 2021.
California Privacy Rights Act: In November 2020, California voters approved Proposition 24, creating the California Privacy Rights Act. The Act, which takes effect January 1, 2023, amends and expands the existing California Consumer Privacy Act. In particular, the California Privacy Rights Act: (i) modifies the definition of a covered “business”; (ii) introduces “sensitive personal information” as a new regulated dataset; (iii) provides for new rights and amends existing rights for consumers; (iv) regulates the sharing of PI for cross-context behavioral advertising; (v) creates a new privacy enforcement authority; (vi) adopts certain GDPR principles; (vii) amends the definition of “service provider” and introduces a new category of “contractors”; (viii) extends the employee and business-to-business (B2B) exemption to January 1, 2023; (ix) clarifies the consent standard; and (x) expands actionable private rights. While the CPRA is still two years from taking effect, we expect to see companies taking responsive actions throughout 2021.
Canadian Digital Charter Implementation Act: This draft legislation, introduced in November 2020, would establish a new privacy law: the Consumer Privacy Protection Act (CPPA). While there is no timeline for implementation or enforcement, the CPPA would create enhanced privacy protections for individuals and a private right of action, and would require companies to implement policies and procedures to comply with the law.
Section 230 of the Communications Decency Act
Section 230 of the CDA -- which provides safe harbors for internet service providers from claims arising from information provided by another information content provider (including social media and gaming users) -- has been targeted for amendment or other changes. Indeed, at the end of December 2020, President Trump vetoed the National Defense Authorization Act in part because it did not repeal Section 230 (Congress overruled his veto.) The controversy over Section 230 is not likely to abate in 2021.
Cases and Other Legal Updates
Here – in alphabetical order – are 20 cases and other legal developments that developers and publishers should stay on top of in 2021.
ADA/Accessibility
Not only are functional software and hardware updates important for expanding accessibility, but consulting with advocacy groups to address user design and representation in characters and narratives are additional areas for inclusion. For example, one prominent game developer was the subject of controversy for describing a character in its game as: "horribly burned in a childhood accident”; “is terrified someone will see her disfigured face”; and “she relieves her fury with bursts of violence." In short, content itself is now subject to accessibility scrutiny.
Biometric Info/Movement Data
Biometric Information: Recent decisions have made it easier to bring private actions arising from the use of biometric data – for example, under Illinois’s Biometric Information Privacy Act. Developers and publishers are therefore advised to review whether any biometric information is collected in any services/experiences/products, either from consumers or employees. In addition to Illinois -- Texas, Washington, California, New York and Arkansas also have privacy laws that cover biometric information.
Movement Data: A recent study has shown that anonymized and de-identified movement data of VR users could be analyzed by machine learning algorithms to correctly identify 95% of the 511 participants, when using less than five minutes of tracking data per person. It is important to consider what movement data is truly anonymous/de-identified before using it without consent.
Click-Thru Terms Enforceability
A gaming app was the subject of a complaint concerning, in part, the applicability of its terms of service. In this case, in creating their accounts, users were asked to submit certain demographic information, including date of birth, and prior to submitting such information acknowledge via a “NEXT” button that they agreed to the terms of service and privacy policy, which were hyperlinked below the “NEXT” button. The court held that this call to action was sufficient to bind the users to the terms of service and privacy policy. The opinion noted that “the agreement falls somewhere between browsewrap and clickwrap: users do not have to take an extra step to acknowledge the agreement before creating their accounts, but [it] does not attempt to bind users with a passive statement about the existence of the terms either.” Bigger fonts, contrasting colors, and a second click-thru explicitly acknowledging terms and policies help reduce the risk that a court will deem your terms and policies unenforceable against users.
Content Moderation
The growth of online game and social interaction has contributed to an increase of harassment and abusive behaviors, and platforms have responded by implementing and enforcing Terms of Service, Codes of Conduct, and Community Guidelines governing online behavior by users; and Content Moderation policies governing company platform moderators. However, the enforcement of these terms, guidelines and policies has been the subject of scrutiny. Indeed, the content subject to such policies and moderation has led to controversy (whether, for example, such behavior is protected by the first amendment) and the practice of content moderation itself has led to controversy (whether content moderators have access to necessary support, including mental health support, in order to safely review such content). As such, the policies behind content moderation and the practice itself are likely to be the subject of scrutiny in 2021.
Copyright – Tattoos & Emotes
Tattoos: One game developer has been the subject of two recent lawsuits concerning tattoos featured on athletes in several of its games. Unfortunately, the outcomes of these two cases are divergent. In one, the court held that the use of the tattoos was de minimis, subject to an implied license from the tattoo artist, and also likely a fair use. In the other, the court essentially held the opposite, but sent the questions of implied license and fair use to a jury. As such, while there does appear to be indications that the use of tattoos in video games may be fair use and subject to implied license in the future, currently use of tattoos in video games continues to carry risk.
Emotes: Another game developer has been subject to various copyright infringement lawsuits concerning the use of dance emotes. Most of these lawsuits failed, on the theory that short dance moves do not qualify for copyright protection. However, the developer is now subject to a series of new lawsuits concerning the dancing emotes claiming unfair competition, misappropriation of likeness, false endorsement, trademark dilution and trademark infringement. In response, the developer is arguing these claims are more appropriately governed by copyright law, or are encompassed by the First Amendment right to freedom of expression. The takeaway is that while the use of dancing emotes may not constitute copyright infringement, such emotes are still the subject of other legal theories and legal review -- and continue to carry risk.
Corporate Responsibility & Diversity in Games
The impact of events related to the MeToo, Black Lives Matter, Hong Kong and other protests have caused consumers to expect a certain amount of transparency from companies as to their stance on social issues, harassment, diversity and inclusion, the environment, data ethics, etc. This is expected to continue through 2021.
Curfew
China’s curfew continues to prohibit minors under 18 from playing online video games between 10:00 PM and 8:00 AM, and limits play to 90 minutes of gaming per day (3 hours on weekends or holidays).
South Korea’s curfew bans minors under 16 from playing online games between midnight and 6:00 AM, but parents can request to lift the ban for their children.
Export Controls
The US, China, and EU have adopted tighter restrictions on exports of dual-use items, including cyber surveillance technology, in circumstances where, for example, a transfer to a foreign country poses a threat to national security. As such, any international transfer or use of technology and/or data may be subject to additional scrutiny throughout 2021.
Harassment
Harassment in gaming is likely to continue to be the subject of conversation, and potentially legal review, for the foreseeable future. Indeed, one study released in July of 2020 found that 68% of users of online multiplayer games experienced harassment in the prior six months and 22% stopped using certain games entirely due to such harassment. The Anti-Defamation League in the US released a report finding gamers experienced hate and harassment while playing and issued recommendations that developers and publishers improve content moderation processes and reporting systems -- including monitoring voice chat to enforce such policies. How platforms handle harassment, particularly via content moderation (see above), is likely to be of concern to platforms and users throughout 2021.
Loot boxes and Randomized In-game Purchases
Loot boxes continue to be the subject of legal review around the world. Indeed, 2020 saw legal actions concerning loot boxes brought in the United States, Canada, and the Netherlands, among others, alleging, generally, that loot boxes constitute unlawful gambling.
The ESRB will now require that games that include randomized in-game purchases or loot boxes be labeled with “In-Game Purchases (Includes Random Items)”. PEGI will now require these games to be labeled with “Includes Paid Random Items”.
The Entertainment Software Association has made commitments to publish disclosures related to loot boxes and randomized items. The major console ESA members, including Sony Interactive Entertainment, Microsoft, and Nintendo, are committing to new platform policies that will require paid loot boxes in games developed for their platforms to disclose information on the relative rarity or probability of obtaining randomized virtual items. These required disclosures will also apply to game updates, if the update adds new loot box features. Additionally, many prominent ESA publisher members will disclose the relative rarity or probability of obtaining in-game virtual items from purchased loot boxes.
The FTC held a workshop to assess consumer issues related to loot boxes. The FTC released a staff perspective, summarizing the results of the workshop, available here. Recommendations from the workshop include:
- Improved industry self-regulation, particularly more detailed disclosures for both players and parents.
- Possible modification of the ESRB rating for games with loot boxes or creation of a new rating.
- Disclosure of loot box odds, particularly if a game uses odds that can vary by player or time. Some participants suggested creating in-game purchase disclosures that detail in-game microtransactions.
- Disclosure by content creators of material connections between themselves and the products they recommend, including, for example, whether better odds were offered to creators, per the FTC’s Endorsement Guides (recognizing that livestream formats and an inability of content creators to control platforms may be an impediment).
- Improved consumer education.
- Additional self-regulatory measures such as a website detailing types of microtransactions, displaying in-game spending in real currency, and making loot box items available for direct purchase.
Product Defect
One game and device developer has been subject to lawsuits domestically (class-action suit filed in Washington, and an action filed in California) and internationally (French regulatory action brought by French consumer organization) related to product defects that effect consumer game play. In particular, the complaints filed in the United States allege that the device is defective because its controllers register movement without user command. The complaints further allege that the developer has been aware of these defects, but has failed to notify consumers and refused to remedy the defect. The complaint in California seeks $5 million in damages.
Ratings
ESRB and PEGI adopted loot box warning requirements, and Australian ratings require in-game purchases. Additional content and/or game features may require routine reviews for ratings (see loot boxes above).
In South Korea, an amendment to the Game Industry Promotion Act to simplify the ratings process via a questionnaire system is expected to take effect by the end of 2021.
SAG-AFTRA Interactive Media Agreement
The collective bargaining unit of video game publisher signatories to the SAG-AFTRA Interactive Media Agreement (IMA) agreed to a two-year extension of the 2017-2020 IMA through 2022, with standard 3% wage increases per year and a 0.5% increase for health and retirement contributions.
If you have any questions about these 33 legal developments, or about other interactive entertainment business matters, please contact Sean Kane at (212) 705-4845 or skane@fkks.com; Dorian Slater Thomas at (212) 705-4827 or dthomas@fkks.com; Frances Jensen at (310) 579-9625 or fjensen@fkks.com; or any other member of the Frankfurt Kurnit Interactive Entertainment Group.