More than Just a Game (Report 2): Music, video games, GDPR & technical protective measures

Finding it impossible to participate in real-life sports,
the AmeriKat, and her tiny paws, found solace in the world
of video games
Now in its fourth year, the More than Just a Game conference organized by Queen Mary University of London brings together academics, practitioners and industry members to discuss the key legal trends in, and issues facing, the gaming and interactive entertainment industries. For the first time, an edition of the conference is being held in Paris. KatFriends Daniel Lim, Alex Woolgar and Shohta Ueno (Allen & Overy) report on the proceedings in this second installment (first installment can be found here): 
"Music and video games
The third session chaired by Anne-Sophie and discussing the topic of music and video games, featured the different perspectives of collecting societies, game developers and game publishers – these competing interests were represented on the panel by Thomas Zeggane (Sacem), Benjamin Charbit (SNJV) and Florent Boisneault (Ubisoft), respectively.

Florent kicked off the session by giving an overview of various copyright (and associated rights) which exist in a piece of music and the range of different use rights for which a licence (or multiple licences) may need to be sought (e.g. copying, public performance, etc.). He explained that the different music rights, such as author’s rights and performer’s rights, meant that dealing with music rights in a video games were more complex than (for example) dealing with rights in relation to a book.

Thomas introduced the role of Sacem in the copyright scheme.  Founded 170 years ago, Sacem is a private non-profit organisation managing a wide range of intellectual property rights on behalf of its members in France.  It is the first collective society for the total collection of rights in the world (with revenues of over €1.5bn in 2017).  Thomas explained that organisations, such as Sacem, can and will request that eSport event organisers enter into licences if they suspected the unauthorised use of the rights belonging their members. This is because in France, he explained, there is an obligation to report any unauthorised use of the rights. 
Benjamin then introduced SNJV, an organisation which represents video game developers. He briefly explained the complexities of modern day video game development.  He noted that the current IP licensing regime in France, which requires the application of a proportional compensation scheme, means many video game developers (particularly small independent developers) are deterred from working with French artists due to what are regarded as onerous dealings with the collection societies such as Sacem. 
Thomas was sympathetic to SNJV’s position but emphasised that there are examples of work by French artists being successfully used in a video game such as Rayman, published by Ubisoft.  Florent provided further context to that bespoke agreement, noting that for that project they specifically wanted to use the work of a particular French artist and a large number of agreements were put in place during its development with Sacem. Ubisoft had the bandwidth, experience and resources for such an undertaking, but (in the absence of standard licence that has been specifically and appropriately adapted for video games) negotiating their own agreements would not realistically be a feasible option for independent video game developers with limited resources. 
It was clear from the session that a balance needs to be struck between French IP rights holders and video game developers so that French artists does not lose out to their foreign competitors in this subsection of the industry. 
The final session featured an overview of some of the hot topics in gaming law and was subdivided into three separate subtopics: i) Technical Protective Measures (TPM), ii) GDPR and iii) Loot Boxes (subject to a separate post). Chaired by Alexandre Rudoni (Allen & Overy), the panellists for the session were Alexander Benesch (Nintendo), Andrea Dufaure (Allen & Overy), Willy Duhen (Activision Blizzard), Andreas Lober (Beiten Burkhardt),Paul Gardner (Wiggin) and Andrea Rizzi (Osborne Clarke).
Technical Protective Measures (TPMs)
Speaking from his first hand experience in enforcing copyright and TPMs, Alexander Benesch gave a presentation which explained the current state of the law in respect of TPMs by reference to the leading CJEU case of Nintendo v PC Box (C-355/12) and the various later national decisions that applied the CJEU’s decision. He explained that TPMs are a set of technical measures in place to protect the IPRs of rights holders and may include measures such as scrambling signals and preventing access control to the content from the console. TPMs are recognised under the Copyright Directive as a legitimate preventative measure against piracy.
The Nintendo v PC Box case provided guidance in relation to what constitutes TPMs and whether they apply to video games (in particular, where a combination of software- and hardware-based measures have been implemented) . The key findings of the case were that: (i) video games are considered ‘complex’ works that are protected by more than just copyright in respect of software and therefore fall under the Copyright Directive; and (ii) two questions were to be asked in relation to whether there was infringement by the circumvention of a TPM – (a) whether the TPM is proportional, i.e. are there any other TPM systems that might be less interfering with non-infringing activities of third parties whilst offering comparable protection against infringement?; and (b) what is the predominant purpose of the device used to circumvent the TPM? 
The various national decisions which followed this CJEU decision in Italy, German and Spain reached the same conclusion that Article 6 of the Copyright Directive is applied to the factual matrix. In this case it was established that the predominant use of the circumvention device by PC-Box was for piracy and TPMs implemented by Nintendo was proportional.

Andrea Dufaure added that the French Court of Appeal had come to more or less the same conclusion before the C-355/12 CJEU decision in September 2011. It ruled that video games were complex works and that the copyright provisions would apply. She noted that had the case was put in front of the French Courts after the C-355/12 decision, it would still likely have been decided in the same manner.

Willy Duhen from Activision Blizzard’s legal and privacy team started off by commenting that it is a miracle that this regulation has passed given the amount of lobbying around it. He noted that it will be in force in a couple of months’ time and wryly observed that this has led to the sudden appearance of many “experts” in data protection. He went on to comment on few aspects of the GDPR.
GDPR grants consumers more rights over their personal data held by third parties. It allows the consumer to find out what their data is used for and provides the right for the data to be deleted. As a result, businesses are burdened with substantially more onerous obligations when dealing with personal data. GDPR applies to those companies based in the EEA but also covers the companies which target consumers in the EEA – accordingly GDPR is a particular compliance issue for US and other ex-EEA based companies that have lower national standards in relation to the handling of personal information. Not complying with GDPR could mean a substantial amount of penalty up to 4 % of the business’s global turnover – a significant increase in the potential penalty compared to the previous regime and serious concern for companies. To find out more about GDPR see previous posts here.   
Willy focused on the application of GDPR to online gaming businesses and how IP addresses could be considered ‘personal data’ under the GDPR. He questioned whether the IP addresses were really personal data given that IP addresses can be shared between multiple co-habitants and may not necessarily provide information of a specific individual. Similarly, the unique tag identifiers (central to the online gaming networks such as Sony’s PS Network or Apple’s Game Centre) could also be considered as personal data despite the company only having limited information on the consumer such as their User ID. Willy explained that this is a very strict interpretation of the Regulation and one that poses identity verification problems for companies facing requests to deal with that information by a person claiming to be its owner, but in the absence of other identifying information.
Willy then moved to the issue of child consent to the collection and processing of their personal data. He noted that many video games are played by children but that children are not dealt with in the current regulations. Art 8 of GDPR states that if a child is under age of 16 then it requires parental consent but that this default age for lawful consent may be lowered by individual member states down to minimum of 13. Willy said currently the UK ICO is considering setting the age for consent at 13 whereas France has chosen 15. He said such discrepancies may cause some logistical issues for companies and discussed the limitations of a number of methods for obtaining consent from children, such as requiring the input of date of birth, credit card information or a confirmation call by the child’s parents."
More than Just a Game (Report 2): Music, video games, GDPR & technical protective measures More than Just a Game (Report 2):  Music, video games, GDPR & technical protective measures Reviewed by Annsley Merelle Ward on Thursday, February 22, 2018 Rating: 5

No comments:

All comments must be moderated by a member of the IPKat team before they appear on the blog. Comments will not be allowed if the contravene the IPKat policy that readers' comments should not be obscene or defamatory; they should not consist of ad hominem attacks on members of the blog team or other comment-posters and they should make a constructive contribution to the discussion of the post on which they purport to comment.

It is also the IPKat policy that comments should not be made completely anonymously, and users should use a consistent name or pseudonym (which should not itself be defamatory or obscene, or that of another real person), either in the "identity" field, or at the beginning of the comment. Current practice is to, however, allow a limited number of comments that contravene this policy, provided that the comment has a high degree of relevance and the comment chain does not become too difficult to follow.

Learn more here:

Powered by Blogger.