The gaming industry has surpassed Hollywood as one of the world's largest entertainment sectors, projected to reach $500 billion by 2030. But with this explosive growth comes increasing regulatory scrutiny across every major market. In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan welcome Alex Roberts, Partner and Head of TMT in China at Linklaters, for an in-depth conversation about privacy and data protection compliance in the global gaming industry.

What You'll Learn:

Alex Roberts is a Partner and Head of Technology, Media & Telecommunications (TMT) in China at Linklaters, where he also co-leads the firm's global gaming sector practice. With over thirteen years of experience in the Asia-Pacific region, Alex has advised financial institutions, corporates, and fintechs operating in heavily regulated sectors, helping them navigate the complex legal and regulatory landscape in gaming and technology. His work spans multiple jurisdictions and regulatory frameworks, offering clients practical guidance on balancing innovation with compliance in one of the world's most dynamic markets. Alex brings a collaborative, communications-focused approach to privacy compliance, recognizing that technical legal skills must be paired with effective stakeholder engagement to build sustainable privacy programs.

If you enjoyed this episode, make sure to subscribe, rate, and review it.

[00:02:34] Why Gaming Has Become a Regulatory Hotspot
Gaming has surpassed Hollywood to become one of the world's largest entertainment industries, valued at approximately $300 billion and projected to grow to $500 billion by 2030. With that scale has come heightened regulatory attention across major jurisdictions. As Alex explains, whenever you have a hot market—whether gaming or other tech sectors—regulators focus on whether users are protected and whether businesses have appropriate long-term safeguards. Data plays a central role in the gaming industry, from personalizing player experiences to supporting advertising and partnership models. As a result, regulators in APAC, Europe, and the U.S. are strengthening their approaches to data protection in the gaming sector, creating an increasingly complex compliance landscape for companies operating globally.

[00:06:31] Children's Online Safety: The Gaming Industry's Critical Challenge
Children's online safety has become a critical regulatory focus for gaming companies, driven by concerning statistics showing that approximately one-fifth of gamers report receiving hateful and abusive language in gaming environments over the past twelve months. Australia has taken a leadership role in this area, with other APAC markets also playing closer attention to how children’s data is handled. Most gaming companies have their users' best interests at heart, but moderating and helping people stay safe in digital environments requires clear safeguards, particularly for young audiences. This is one of the areas where gaming companies and regulators are focusing most intensely, with requirements ranging from enhanced consent mechanisms to age-verification expectations and other safeguards aimed at protecting younger users.

[00:08:01] The "GDPR Effect" Across APAC
The misconception that APAC has lax privacy regulations is largely outdated. Alex notes that roughly thirteen jurisdictions in the region have drawn heavily from the GDPR, with some adopting large portions of it and others incorporating key principles. This isn't a region where privacy regulations are lacking anymore. For example, Singapore's privacy framework reflects many GDPR-aligned principles, while China has implemented what Alex describes as "GDPR plus with Chinese characteristics." This regional convergence around European-style privacy frameworks means gaming companies can no longer treat APAC as a regulatory-light environment. However, the similarities also create opportunities—organizations can identify their "high watermark" jurisdiction (the one with the strictest requirements among their key markets) and use that as a baseline for their compliance program, adjusting for market-specific nuances rather than building entirely separate programs for each country.

[00:31:35] Shadow AI and the Communication Imperative for Privacy Professionals
One of the growing risks emerging in privacy compliance is "Shadow AI"—employees using consumer versions of AI tools without organizational knowledge or approval. IBM statistics indicate that 90% of AI tools used within organizations have not been signed off by CISO teams. Someone might casually mention they "normally just use ChatGPT" for certain tasks, suddenly revealing that confidential information has been fed into public AI models. This creates immediate compliance risks related to data security, confidentiality, and the potential exposure of proprietary information. Addressing this challenge requires more than technical controls—it depends heavily on effective communication and collaboration across legal, operations, technology, design, and marketing teams. Privacy professionals who can communicate effectively and build strong cross-functional relationships will continue to add value even as AI transforms other aspects of legal work. As Alex emphasizes, "You can still have a job if you can talk to other people and communicate effectively—that's only going to become more and more important in this space."

Connect with us at [email protected]
This podcast is brought to you by VeraSafe.