It is common for eSports teams to frequently interact with customers and fans. Whether selling branded merchandise, hosting streams, or using email lists, teams will interact with fan data in myriad ways. Whatever the interaction, teams should be aware of the privacy laws surrounding the personal data of their fans.
Recently, privacy laws around the world have been evolving. A proposed law in Canada, known as Bill C-11 or the Digital Charter Implementation Act, has been tabled by the Canadian government and could change how organizations are required to deal with the personal information of their customers. It is not yet binding law, and will likely be subject to rework before it applies, but it will impact how eSports organizations handle personal data.
The new bill repeals parts of the old Personal Information Protection and Electronic Documents Act (PIPEDA) and enacts the Consumer Privacy Protection Act. It provides harsher punishments for rule violations and more power for the Privacy Commissioner to make orders to enforce compliance. It also creates a tribunal for dealing with appeals or levying penalties.
If an eSports organization is using Canadian fan data for any reason, it should get ahead of the game and make itself more privacy-friendly, before the law comes into effect.
Be Smart, Get Consent
The new bill aims to protect consumers by improving the rules regarding consent, including giving consumers more control over their data through informed consent. The bill specifies that informing consumers about what they are consenting to should be done in plain language.
For an organization, this means whenever it collects data from fans, it needs permission first. Further, it can’t just throw legal terms at its fans; it must break down its policies into simple, easy to grasp language, separate from the legalese. The organization must explain what will be collected and how it will be used. Most fans are not lawyers—explanations should be tailored to the typical fan.
If an organization’s services require personal information (for example, shipping merch requires an address), the organization must explain to the customer why this information is necessary. However, if they intend to use that personal information for purposes beyond what is required for a requested service, specific consent for those other uses must be obtained. This is important for the next step.
Delete on Command
The bill also aims to improve consumer control over deletion of personal data. The new law would create obligations for organizations to let customers delete their personal data, or let customers revoke consent if they so choose.
It is never fun to see a fan leave, but should it happen, fans need an opportunity to request that an organization deletes their personal information. Just as consent is given, it should be able to be taken away. An organization should provide fans with the ability to see what information has been collected and give them the chance to request that it be deleted. If a fan does make such a request, personal information should be deleted permanently. If there are multiple types or uses of fan data, fans should have the opportunity to choose the information for which they wish to revoke consent.
Alternatively, fans could be given the option to make their consent renewable. After a certain period of time, personal data could be automatically removed unless consent is renewed. This may assist an organization in ensuring it does not use information that it no longer has permission to use.
Transparency, No Tricks
The bill proposes requirements for algorithm transparency. Customers should be informed when an algorithm uses their data to make a decision about them.
It is common for organizations to use algorithms to show relevant or more personalized content to their customers. For eSports organizations, algorithms can help fans see relevant ads from its partners, or even help grow its fanbase by allowing partners to show ads featuring the organization. Where possible, an organization should develop ways to let customers know why they are seeing what they are seeing. Making available the specific code is likely not necessary, but an explanation of what information was used, and how that information led to the content they are seeing, may be prudent.
These tips will put an organization on the path toward a plan that respects the privacy of Canadian fans and customers. The new bill will provide opportunities for compliance evaluations with the Privacy Commissioner to ensure policies are in line with the new privacy regime. Being straightforward and honest about customer information can strengthen the loyalty a fan has for an eSports organization. In the end, that is what matters.