Video Games: A Pitfall For Unethical Child Data Aggregation?

Video Games: A Pitfall For Unethical Child Data Aggregation?
Alexandre Baude | June 26, 2022

Lede: Children’s phone games are a dangerous playground where minors risk—and suffer—data abuse.

Overview: Children who innocently amuse themselves playing phone games such as Duel Links and Raid: Shadow Legends are wandering into the clutches of dangerous data brokers through games. These games leverage the guise of “Legitimate Interest” and “Informed Consent” to aid and abet the procurement of data collected from minors who do not have the intellectual knowledge or maturity to protect themselves from data predators.

(Zovoilis, 2013)

At a time when an estimated 40% of U.S. parents allow children aged 10 and under to have a cell phone (Hurtado, 2021), kid-owned cells phones are here to stay. The reason for cell-phone ownership among this demographic is, in part, because busy parents seek connectivity with their kids who often have after school and weekend activities in conflict with their parent’s schedules, so the cell phone is meant to be a lifeline to ensure the safety and wellbeing of our youth. Another main reason why parents give their children cell phones is to provide children with entertainment. Enter the wolves in sheep’s clothing.

Ironically, the cell phone—which many parents view as a way of keeping their children out of harm’s way—is, in fact, an open invitation to data predators. Minors as young as three know to tap the Privacy Notice “consent” button—often in an attractive color—in order to play their favorite games. For example, games such as Duel Links, a popular digital version of the classic Yu-Gi-Oh card game, don’t require parental approval to access the game. Unfortunately, this doesn’t stop Konami, Duel Link’s parent corporation, to build a data profile of their child leveraging identifiers such as: IP Address, Device Name/OS Version, Usage Data, and even “identifiers as designated by third parties”—a dangerously vague line seemingly implying unabridged access to their data.  Even children whose phones have strict parental-control settings don’t get affected by the privacy notice within the app; you simply press “I agree.”

Issues such as Information Dissemination and Information Processing—let alone data accrual by third parties—don’t spring into an eight-year-old’s mind, let alone alarm their parents. COPPA guides for Accountability, Individual Choice and Access, and Readability apply in theory, but not in practice. The kids just want to play and the parents often just want their kids occupied (Auxier et al, 2020), which is an ideal formula for gaming corporations who seek, and often succeed, in monetizing clicks. Every time a child clicks the consent button and accesses a fun game is a predictor that the next time the child sees a consent button, they’ll press it right away. While COPPA enforces that websites and online services need to obtain parental consent before collecting personal information on children 13 or younger (and 15 or younger for EU citizens under the GDPR), apps are left to their own devices without repercussions.

(Smith, 2018)

Despite taking efforts to hide the child’s identity through anonymization, the IP address provides a wealth of information, along with the child’s playing preferences, reaction speeds, gear and loot-box purchases, and a host of other data are all strictly personal and confidential. This information, in turn, is used in ad campaigns, sold to data brokers, and other third parties. The practice of data selling and capitalization isn’t at fault, it’s the fact that it directly targets a predominantly under-age population of users that draws ire and worries.

While legislation and regulation like COPPA and the GDPR are fantastic first steps in the battle for data security, parents need to be educated to do their part to ensure that their progeny are kept safe from digital predators. Toward that end, legislation should seek to put in place safeguards not unlike other safeguards that already exist to protect our kids. Gaming companies should institute Privacy Notices that require parental approval as directed through the device settings; they should spare no efforts in preventing the monetization of minors’ data; and most importantly, they shouldn’t continue to turn a blind eye. Games are meant to be safe havens for children, not another data mine.

Reference List

Auxier, B. et al. (2020, July). Parenting Children in the Age of Screens. Pew Research Center.

Hurtado, K. (2021, January). Surprising Facts on Child Cell Phone Usage Statistics.

Smith, D. (2018). Data Protection and Privacy. Flickr.

Zovoilis, T. (2013). Small boy with his mother looking at a tablet [Photograph]. Flickr.