The new version of the Personal Data Digital Protection Act in India, which entered into force on 14 January 2025, imposes more severe restrictions on data collection by technology giants such as Google, Meta and game companies. According to the Act, enterprises may collect data only for certain necessary purposes and must make the use of data transparent and open. Game developers need to clearly demonstrate to users the terms of consent, the type of data collected and the reasons for this change, which is expected to affect several links such as game data analysis, social functions, personalization systems, etc.
The regulation draws on the framework of the EU General Data Protection Regulation (GDPR) and aims to give citizens more control over data. The new regulation requires enterprises to provide Indian users with justifications for data collection and exit options, and to notify users and the Data Protection Commission of India if data leaks occur. The Act also strengthens short-term data storage restrictions and protection measures for minors, and its scope of application covers mobile end, PC, mainframe and Web3 games. In an interview with the media, Nitish Mittersain, Chief Executive Officer and Joint Director of Nazara Technologies, Indian Play and Sports Media, stated: “The bill is a watershed in the Indian game industry. We are moving from `growth at all costs’ to `growth based on trust, security and responsibility’. When players and parents know that their data are being processed responsibly, they can automatically become advocates of the game media, and game retention and liquidity will increase.”
The President of the Indian Association of Game Developers, Sridhar Muppidi, said: “We welcome this comprehensive new regulation, which helps to protect the privacy of players. As most Indian developers have already followed the GDP R level standard, no major impact is expected. However, it is recommended that the Government conduct awareness-raising campaigns to guide small and medium-sized developers, and that any violation may lead to heavy penalties.” According to Vinayak Godse, Chairman of the Data Security Committee of India, the new regulations set clear expectations for game companies to move the industry from a loose data practice to a target-driven and accountable data-processing model. Anurag Choudhary, Chief Executive Officer of Felicity Gomes, Bangalore Games, stated that the bill forced all studios to revisit the way in which player data were used, “preliminarily discouraging, but ultimately promoting industry health”.
Kashyap Reddy, co-founder of Hitwicket, emphasized that “as the Indian game moves more and more globally, strong privacy protections and responsible data processing directly affect the trust of players, the bill will make the game more transparent and safe for children, and parents can be more reassuring for their children.” This new privacy regulation follows India’s earlier ban on real currency games — a ban that has evaporated the game market by billions of dollars. It is widely recognized that data protection and user trust-building are emerging as new building blocks for sustainable development in India, one of the fastest-growing global game markets.
