Video Game Voicing vs GDPR: Is Your Game On?

Game audio localization

Legal teams overseeing video game localization projects manage a multitude of risk points including copyright infringement, licensing and royalties, intellectual property rights, cultural sensitivity, licensing and distribution agreements.

The arrival of the world’s strictest data protection legislation, the European General Data Protection Regulation (GDPR), in 2018, introduced a myriad of new issues for legal and privacy professionals to monitor and manage in localization activities, one of which includes voice data protection.

Voice is a personal data, strictly protected by the GDPR and most worldwide data protection legislations. The increasingly rapid development and adoption of AI voice generators, AI dubbing, voice cloning technologies and several well respected companies recently making the news because of questionable voice data usage in the video game industry, have made voice protection concerns a focal point for European Data Protection Authorities (DPAs), international legislators, voice actors and artist trade unions worldwide. 

Game voicing privacy hotspots

For video game professionals with dubbing and voiceover operations, GDPR impacts all workflows that involve the collection, storage and sharing of actors’ voice recordings, common practices in production. While the video game industry has been a privacy pioneer in several areas, internal and external production workflows remain artisanal, do not comply with voice data protection legislations, and verification of partner compliance is often dangerously overlooked.

The regulation impacts the industry on multiple levels with two especially high privacy risk areas in game localization workflows: Voice Casting Database Management and Personal Data Circulation.

Not only an EU issue

Game voicing localization resources include personal data that is subject to very specific processing rules to conform with EU data protection law. The GDPR is extra-territorial which means that companies located anywhere in the world are subject to its guidelines when collecting, using and sharing protected data. The regulation’s scope includes EU data originating from and delivered within the EU, EU data transiting to non-EU countries, and non-EU data transiting to or through the EU. To ensure monitoring and enforcement of the GDPR, every European country has a Data Protection Authority (DPA) who is authorized to launch compliance audits and issue warnings, reprimands and fines, both locally and internationally.

Co-responsibility and vendor compliance verification

GDPR is here. It is not a recommended code of practice but a legal requirement, and it marks a change in the balance of data protection responsibility between service providers and publishers. Under the regulation, the entire supply chain is co-responsible for each other’s compliance, meaning that a data breach, anywhere in the supply chain, puts all project stakeholders at risk of penalties that can reach 20M€ or 4% of global revenues.

Historically, vendor compliance assessments have more or less been reserved for premium content projects, but the GDPR’s notion of compliance co-responsibility is a game changer. It’s critical to question existing or potential new suppliers more thoroughly about their compliance, with a strong emphasis on their biometric data privacy policies. Proof of compliance for all projects involving voice data or other potentially sensitive personal data is strongly recommended to ensure your organization and partners are protected and won’t be in the firing line in the event of a data protection audit.

White paper: Video Game Voicing vs GDPR

Fill out this form to access our latest white paper that provides concrete recommendations and solutions to help secure your organization’s voice data compliance.

Share This Post

More posts