How handling of user data is structured in the largest countries

“Xsolla” discussed the specifics of handling user data in Russia, the European Union, and South Korea.

Launching a game on the global market can present several challenges, the most unpleasant of which are local tax nuances and legal restrictions on user data. If developers do not use third-party solutions for game scaling, all legal issues must be addressed independently.

In some countries, like the USA, things are quite straightforward. However, in others, there are complexities that are hard to navigate. Here’s how the issue of user data storage is handled in several major countries, and how “Xsolla Login” assists developers in complying with legal requirements and optimizing user experience depending on the country.

Russia – Guardians of the Constitution

All personal data of Russian users must be stored only on Russian servers. Although the law allows for cross-border data transfer, it can be prohibited “for the protection of the constitutional order.” This recent legislative change complicates launching games in Russia, forcing developers to find new ways to enter the Russian market, one of which is third-party solutions for data storage and transfer.

For instance, “Xsolla Login” uses its own servers located in Russia and by default offers Russian users the ability to log in through profiles of the most popular social networks (such as “VKontakte”), thereby enhancing player user experience.

European Union: Collect, Transfer, Delete

The processing of personal data for players from EU countries is regulated by the GDPR (General Data Protection Regulation). According to the regulation, developers must obtain users’ consent to process personal data and provide the ability to change their decision. Only data necessary to achieve the developer's goals can be collected, and it must be protected against damage and unauthorized copying. Moreover, users can not only request all information about themselves but also demand its deletion. Developers need to ensure the secure storage of data to handle all user requests. This can be done independently or with the help of a third-party service.

South Korea – Curfew and a Deal with the State

Unlike EU countries, South Korea has a state system for citizen verification called I-PIN, and game authorization must consider its specifics. I-PIN divides users into three age groups: “under 14 years old,” “14-18 years old,” and “over 18 years old.” For underage players, several restrictions must be considered: for example, a teenager under 16 is not allowed to log into a game from midnight to 6 a.m. At this time, access to the game must be blocked, though this law does not appear to apply to consoles and mobile games for some reason. Additionally, parents or guardians select the days and hours during which the teenager can play and have access to the account, game session history, and payments. They can temporarily or permanently disable the teenager’s account at any moment.

Entering the Korean market independently is a real challenge for developers, requiring not only technical solutions (such as automated age restriction compliance, parental control, and I-PIN verification) but also partnership with the government through a local legal entity.

***

“Xsolla Login” is one of the seven products from Xsolla for self-publishing and monetizing video games. It supports over 30 authentication methods, including Steam, Twitch, most social networks, Google, Facebook, and others. Depending on the country, the service offers players the most popular registration method, increasing the likelihood of user registration on the spot. Moreover, the tool helps better understand the audience and establish communication: developers can use data collected by the service to build communication strategies with players through newsletters, social media retargeting, and other available methods.