Olga Finkel has recently written an article on the legal aspects of gamification in the Malta Gaming Yearbook 2016 edition published by Country Profiler.
Legal aspects of gamification
What is gamification?
Gamification is the concept of applying game mechanics and game design techniques outside the contexts of gaming, in order to engage and motivate people to achieve established objectives. Use of badges, points, leader boards, and various rewards for reaching goals in non-gaming tasks are just some examples of gamification. Gamification is being increasingly used in marketing and other outward (customer-facing) systems to increase sales, as well as in inward (employee-facing) systems in businesses to increase employee productivity. In a more narrow sense, gamification (or gamblification) is the use of game design elements and techniques within the gaming context to make a game more similar to gambling games.
While gamification is proving to be a very useful tool for heightening customer participation and engagement, modelling and influencing their behaviour and ultimately positively driving business performance, there are several legal implications that one needs to be aware of. Some of these implications are discussed below.
The gamification trend is closely related to another important current trend – ‘big data’ and its analysis, as gamification is built upon leveraging data. Data on customer actions and behaviour is collected in many different ways, such as when browsing the web, interacting with others in social networks, using loyalty cards and points systems, and through the increasingly pervasive presence of mobile apps and smartphones. More and more data is collected about customer activities, locations, choices, moods, friends, preferences, financial means, and many other attributes. Personal data is also used to create customer segments to design targeted marketing campaigns. All this data is analysed and used to predict and influence customer behaviour and future choices.
Gamification features are often designed on the basis of analysing the collected customer data and rewarding the customer for the choices and actions desirable for the business, for example, offering promotions for purchasing more products that customer normally buys or for purchasing products linked to them. Once data collection and use are in play, it is not surprising that privacy becomes a major concern, and compliance with applicable personal data protection laws becomes a necessity for all websites operators, app developers, and data analytics / business intelligence departments alike.
It is against this background of increasingly pervasive collection and use of personal data, that the European privacy laws are set to be reformed. In December 2015 the EU has adopted the data protection reform package, which aims to ensure that the citizens’ fundamental right to personal data protection remains strong in the digital age. The new law, the General Data Protection Regulation (GDPR), will come into force in two years’ time, thus giving adequate time for companies to prepare. The GDPR will provide tools for individuals to have more control over their personal data and its use, ensuring stronger and more effective enforcement of the data protection rules, while simplifying compliance for businesses by mandating the same set of rules for every EU country. GDPR will enshrine the ‘data protection by design and by default’ principle – all products and services will have to be designed with data protection in mind, and business will have to put privacy-friendly settings on their apps and websites by default. The individuals’ right to know and decide on when, how and for which purposes their data is used will be strengthened. The GDPR will also provide for new rights: the right to be forgotten, to have data portability and to know when one’s data has been compromised. All these privacy aspects will need to be taken into account when collecting and processing personal data in gamified (and all other!) digital contexts.
Another important aspect that gamification brings to focus are considerations relating to intellectual property, in particular where gamification results in offering participants rewards in the form of virtual goods developed, assembled or obtained through participants’ actions (user-generated content), or where participants may buy virtual goods to advance in a game. Who has the right over these virtual goods, the participant or the organiser of the game? What if a user buys a virtual good in a game world but the game designer takes it away? What if the virtual good is stolen or ends up the subject of a court case? It may not be easy to answer these questions. Those designing the gamified experiences must be aware of potential problems and set out clear rules, in the terms of service, for participants to minimise the risk of breaching third parties’ rights, as well as to clearly protect own intellectual property.
Last but not the least is the regulatory implication of gamification. Gamification produces experiences that may be on the boundary line between regulated and non-regulated industries. Sometimes the boundary lines may not be clear. Each design for a gamified experience needs to be examined against the regulatory framework for gaming and gambling. Clearly, not all experiences become regulated as gaming proper simply because they use some elements used also in regulated games. However, a combination of certain elements will definitely transform a gamified experience into a game subject to the regulatory framework applicable to gaming proper. For instance, introduction of prizes for winners that can be used outside of the game’s world or be exchanged into money, goods or services is one such element. Requiring a stake to participate in the game is another. Introducing an element of chance that has a material effect on the outcome of the game is yet another such element.
Unlike in the case of unregulated industries or industries benefiting from the passporting rights in the EU across regimes, the examination of whether a gamified experience falls within the regulatory regime applicable to gaming must be carefully carried out in territories where it is proposed to be offered, since there is no uniform or harmonised international regime for gaming regulation. As a result, it may be the case that the same gamified experience is subject to regulatory scrutiny in some countries but not in others. If it has been determined that the experience does fall within the scope of gaming regulatory framework in a country, then all relevant obligations and responsibilities would apply to the provider of the experience and, therefore, compliance will become mandatory.
Gamification is a relatively new trending concept already successfully applied to many activities; and we will see even more areas of business, employment, education, health and many other services implementing useful gamification methods in the future. We should not lose site, however, of the multifaceted complexity and of multiple and often intertwined legal and regulatory implications that gamification brings, so that the legal risk for enterprise is minimised and the applicable laws are continuously complied with.