Rita Garry: Measuring data governance
Rita W. Garry, Attorney and Counselor at Howard & Howard Attorneys, breaks down how data governance can be navigated from different sources, and how operators can measure and reassess data policies.
The universe of privacy and data governance laws, regulations and frameworks is vast.
Over 80% of the world’s population is covered by some form of privacy law. Often, the array of regulatory regimes conflict, overlap and change rapidly. There are laws and policies on data protection, privacy, cybersecurity, consumer protection, content moderation, online safety, artificial intelligence (AI) and intellectual property creating a complex digital regulatory environment. The gaming industry’s verticals are equally as vast. Covering, to name a few, casino play on and offline, console PC, and cloud gaming, sports betting, esports, streaming, mobile and iGaming, reaching overall revenues of $283bn in 2024 with expected growth at more than 8% per year. The glaring difference is the gaming industry is innovating faster than privacy and data governance legal frameworks can react. Gaming is deploying new technologies like virtual reality (VR), augmented reality (AR), AI and blockchain, adding to the complexities of data governance and protecting player privacy, data management, advertising practices and monetization strategies.
The centerpiece of privacy laws is the idea of data protection and individuals’ rights to control their personal information is fundamental. These laws are extraterritorial, protecting citizens’ personal information no matter where in the world they are, impacting the entire gaming ecosystem worldwide in correlation to their international user base. In 2022, Epic Games settled with the US Federal Trade Commission over violation of the Children’s Online Privacy Protection Act (COPPA) paying $520m related to the Fortnite video game. Online gaming companies fare no better in Europe as in March 2025, the Swedish company Star Stable Entertainment is being investigated by a consortium of EU national authorities for harmful marketing practices directed at children.
On the flip side, gaming owners and operators using multiple interaction channels are uniquely positioned to collect vast amounts of player information and must balance their desire to monetize such data to enhance player experiences with privacy laws, responsible and ethical data usage, and their consumers’ trust. This is the privacy and security compliance balance beam gaming companies must walk to grow player engagement but also mitigate the risks of regulatory and civil actions, the operational and reputational harms caused by poor data governance, and growing consumer awareness of and appreciation for their privacy rights. With advanced technologies like AI, VR and AR, the amount of personal data expands to include biometric, geolocational and other forms of sensitive personal information that create both opportunities and challenges. So, in an already heavily regulated industry, gaming companies must also be personal data stewards ensuring transparency, fairness, focus on player wellbeing, and doing it all in a fully legal and ethical manner. This is a tall and, some may say, overwhelming order which can lead to “digital entropy.”
Entropy is a measure of decay, disorder and randomness and, as technologies advance and data caches grow unmanaged or unchecked, organizational data governance can seem to fall into a state of disorder and uncertainty causing digital entropy. Rather than succumb to digital chaos, the gaming industry can leverage its familiarity with regulatory environments and the business imperative to enhance player engagement, to make data governance the centerpiece for both. To begin this process, apply the data matrix elements across each business domain to identify gaps in the organization’s data governance practices. By surveying each business domain to identify relevant data repositories, classifying data types (personal information, confidential, intellectual property), accessors/users thereof and storage location, the risk areas and control weakness will identify themselves. This knowledge can then lead to reassessment or enactment of appropriate policies, and practices to safeguard against unauthorized access and grow privacy compliance confidence.
In the end, these activities will only yield real benefits with the support of executive level enthusiasm, budgets and regularly repeated reviews and assessments will achieve organizational data governance with skill and not by chance.
Tags/Keywords
Players trust our reporting due to our commitment to unbiased and professional evaluations of the iGaming sector. We track hundreds of platforms and industry updates daily to ensure our news feed and leaderboards reflect the most recent market shifts. With nearly two decades of experience within iGaming, our team provides a wealth of expert knowledge. This long-standing expertise enables us to deliver thorough, reliable news and guidance to our readers.
Latest News
