June 2020
© Skadden, Arps, Slate, Meagher & Flom LLP. All rights reserved.
Also in this issue:
- Strategy Guide
- Side Quests: Recent holdings in video game and related lawsuits
- Patch Notes: Updates on litigation, regulation and legislation impacting the industry
- Contacts
Main Quest
Does My Video Game Violate Consumers’ Privacy Rights?
The California Consumer Privacy Act (CCPA) is the first broad-based state statute aimed
at enhancing personal privacy rights for consumers. Following the example set by the
European Union’s General Data Protection Regulation (GDPR), the CCPA expands the rights
of California residents to know about the collection, sale and sharing of their personal
data, and enables them to object to the retention or sale of such data. Although the CCPA
was enacted on June 28, 2018, it only took effect on January 1, 2020, and enforcement by
the state’s attorney general began on July 1, 2020. Although the statute applies only to
California residents, the law is not limited to California companies; rather, any company
that does business in California may fall under its scope. Accordingly, companies that may
be impacted by the CCPA — which includes many companies in the video game industry
— are well advised to understand the requirements of the CCPA and evaluate their internal
procedures to ensure compliance.
Relevant Provisions of the CCPA
The CCPA applies to any business that (a) collects consumers’ personal data, (b) does
business in California (even if situated outside the state), and (c) satisfies one of the following
conditions: (i) has annual gross revenues exceeding $25 million; (ii) buys, receives or sells
personal information of 50,000 or more consumers or households; or (iii) earns more than
half of its annual revenue from selling consumers’ personal information.
The CCPA allows California residents to request that businesses meeting these criteria
identify the “personal information” that those businesses collect, as well as to demand that
those businesses delete and/or not sell such personal information.
“Personal information” is defined very broadly in the statute to include not only traditional
forms of personal information (e.g., names, email and physical addresses, etc.) but also a
broader set of data, including IP addresses, browsing histories, geolocation data, physical
data, professional or employment-related data, education information and even biometric
data, provided that such data can be used to identify an individual, household or particular
device. Moreover, the CCPA’s definition of “personal information” encompasses inferences
that can be drawn from any other information collected by the businesses (such as brand
preferences, viewing habits, etc.) and used to create profiles about a consumer’s behavior,
trends, characteristics, preferences and more.
The CCPA also requires businesses to (a) provide notice of
data sharing/sale opt-out rights to consumers, and (b) obtain
affirmative consent to the sale of information from users under
16 years of age (and consent from a parent/guardian for users
under 13). In other words, while the default scheme is implied
consent with users affirmatively opting out of data sharing,
for users under 16 the default is that sale and sharing are not
permitted unless the user (or his or her parent/guardian, if the
user is under 13) opts in.
In the event a company fails to comply with these requirements,
the CCPA provides for both government enforcement as well
as a limited private right of action in the case of data breaches.
The California attorney general may seek civil penalties of up
to $2,500 for each CCPA violation (measured by each instance
of any specific provision or requirement being violated), or
up to $7,500 for intentional violations.[1] Additionally, California
consumers may bring a private right of action for data breaches
involving nonencrypted and nonredacted personal information,
where the company failed to implement reasonable security
procedures. Under such private actions, impacted consumers
may seek either their actual damages or statutory damages of
between $100 and $750, whichever is greater. Thus, because
of the availability of statutory damages, consumers who have
been impacted by a data breach may recover from noncompliant
companies even without a showing of harm.
[1] It should be noted that the CCPA provides a 30-day cure period before the
attorney general may seek such fines against a company.
CCPA’s Impact on the Video Game Industry
Beyond the general impact of the CCPA — requiring all companies
to ensure that their data collection, retention and sale/sharing
policies meet the CCPA’s requirements — companies
involved in the video game industry are likely to experience
more specific consequences in at least three ways.
First, the CCPA’s requirement of obtaining affirmative consent
for the sale of data from any user under 16 will likely have a
disproportionate impact on the video game industry, given
the popularity of video games with younger audiences. And
while many companies already take steps to limit their data
collection practices for users under 13 (as required under
the Children’s Online Privacy Protection Act, or COPPA), the
strategies employed to do so may not be feasible or desirable
for users in the 13-16 age bracket. For example, an online game
may age-gate its service so only users who are 13 years of age
or older can play; doing so restricts the player base to some
degree, but the company is able to collect the same data from
all players, without concern of violating COPPA. However, this
same strategy of age-gating may not be feasible with respect
to players 13-16, as such players may (depending on the game)
represent a large percentage of the player base. While companies
may be able to avoid the need to age-gate by segregating
the data collected from users ages 13 to 16 — thus ensuring
that such data is not mistakenly sold without consent — these
additional steps may not be feasible or cost-effective.
Second, the CCPA’s broad definition of “personal information”
implicates certain activities that video game companies might
not typically associate with the collection of personal data,
particularly in the esports and streaming contexts. For example,
biometric information about a game’s player, such as keystroke
patterns, recognition and click speeds, and logon/logoff times,
could all fall under the CCPA definition of “personal
information” if they can be uniquely identifiable. Esports companies
may be interested in collecting and storing such data for
purposes completely separate from their typical data collection
practices — for example, as a means to identify and root out
cheating. Similarly, streaming services may be interested in
collecting information about a user’s preferred channels or
time spent watching a particular stream to better tailor their
service to the user. Indeed, even a company hosting an esports
tournament or gaming event may inadvertently collect personal
data by recording who is watching the event, or who is
interacting with the company’s social media posts regarding the
event. While the mere collection of this information does not
in itself violate the CCPA, the fact that a company is collecting,
storing and potentially sharing this information would require
that company to comply with the CCPA and be aware that such
information is subject to the CCPA’s regulations.
Finally, the effects of the CCPA may be particularly acute for
companies in the mobile and free-to-play gaming space, which
often rely heavily on consumers’ data as a source of revenue.
It is worth remembering that the CCPA is specifically directed
to any company that earns more than half its annual revenue
from selling customers’ personal data, or collects information
from more than 50,000 consumers or households. Thus, a
free-to-play or mobile game developer that supports itself with ad
revenue tied to consumer data may need to be CCPA-compliant
even if its annual revenue is relatively low.
Strategy Guide
There are a number of best practices video game companies can employ in order to minimize the risks
associated with the CCPA:
- It is vital that companies review their data collection,
retention and selling practices, and ensure they are in
compliance with the CCPA, most notably by including
an appropriate “opt-out” option for all users over 16
years of age and obtaining affirmative consent to sell
data from users under 16 (or their parent/guardian,
where appropriate).
In connection with this review, companies should
institute compliance programs so they are able to respond
to claims of CCPA violations within the statutory time
period and thereby avoid liability.
Additionally, companies should review and update
their privacy policies as necessary to comply with
the CCPA requirements.
While ensuring compliance will likely require some upfront
investment, such expenditures are likely far less than
the penalties a company could incur for noncompliance,
particularly given the CCPA’s statutory damages provision.
- Companies should examine the types of data they collect
and ensure that they are collecting only what is necessary.
For example, while it may seem beneficial to ask for a
user’s phone number as part of a registration process, if
the company has no plans to use that information, it may
consider forgoing the collection and storage of such data.
- Where feasible, companies should take steps to anonymize
and de-identify any information collected and stored in the
aggregate. The CCPA covers only personal information that
can be linked with an individual; anonymous data does not
pose any risks from a CCPA perspective.
Side Quests
Recent judicial decisions and enacted statutes or regulations that are likely to impact the video game industry
Ubisoft Entertainment SA v. Yousician Oy, No. 19-2399
(Fed. Cir. June 11, 2020)
On June 11, 2020, the U.S. Court of Appeals for the Federal
Circuit, in a nonprecedential opinion, affirmed the decision of
the U.S. District Court for the Eastern District of North Carolina
invalidating claims from a Ubisoft patent covering an
“interactive game designed for learning to play guitar.”
The panel agreed with the district court’s analysis that under
the Federal Circuit’s jurisprudence concerning patentable
subject matter, as well as under the U.S. Supreme Court’s
decision in Alice Corp. v. CLS Bank International, 573 U.S. 208
(2014), the claims in the Ubisoft patent were directed to an
abstract idea and did not include an inventive concept, and thus
were not eligible for patent protection.
The patent at issue relates to a video game that teaches users
how to play the guitar by assessing the user’s performance,
determining what the user needs to improve by changing the
difficulty level of the game and then creating mini-games to
improve skills.
The panel found that rather than describing a particular way of
programming or designing software, the claims merely recited
an abstract process in five steps: (1) presenting notations;
(2) receiving input; (3) assessing performance; (4) determining
weakness; and (5) changing the difficulty or generating
mini-games.
The panel further agreed with the district court that there was
no inventive concept in the claims of the patent, as the claims
merely applied the abstract process using conventional and
well-known techniques.
Fortnite Emote Lawsuits
As we have reported in this newsletter, Epic Games, Inc.
(Epic), the makers of the popular battle royale game Fortnite,
have been hit with a slew of lawsuits in recent years related to
various dance moves as depicted in emotes that Fortnite
characters can perform. Many of these lawsuits were dismissed
following the U.S. Supreme Court’s decision in Fourth Estate
Public Benefit Corp. v. Wall-Street.com, 586 U.S. ___ (2019),
which requires plaintiffs to obtain a copyright registration
before bringing a lawsuit for copyright infringement. However,
plaintiffs have recently switched tactics to allege noncopyright
claims, and in the past three months, two courts have weighed
in on the viability of these alternate theories:
- Brantley v. Epic Games, Inc., No. 8:19-cv-594-PWG
(D. Md. May 29, 2020)
On May 29, 2020, the U.S. District Court for the District of
Maryland granted Epic’s motion to dismiss with prejudice
eight counts alleging various violations of the Lanham Act
and plaintiffs’ common law trademark and publicity rights.
Plaintiffs Jaylen Brantley and Jared Nickens were two
University of Maryland basketball players who alleged that
they created, named and popularized a dance move they
dubbed the “Running Man,” which they accused Epic of
copying for one of its emotes.
In addition to a copyright claim (which was dropped following
the Fourth Estate decision), the plaintiffs asserted claims
alleging violation of their rights of publicity, trademark
infringement under both the common law and the Lanham Act, unfair
competition, unjust enrichment and trademark dilution.
The court sided with Epic, finding that claims alleging
violation of the right of publicity, common law unfair competition,
Lanham Act unfair competition, unjust enrichment and false
designation of origin were all preempted by the Copyright
Act, and that the claims alleging trademark infringement and
dilution were insufficiently pled, as the plaintiffs could not
establish their ownership of a valid trademark.
Further, because the plaintiffs had already amended once,
the court dismissed all claims with prejudice.
- Pellegrino v. Epic Games, Inc., No. 19-cv-1806
(E.D.P.A. Mar. 31, 2020)
On March 31, 2020, the U.S. District Court for the Eastern
District of Pennsylvania partially granted a motion to dismiss
right of publicity and trademark claims alleging that Epic
unlawfully copied the plaintiff’s dance moves in the game.
As with the plaintiffs above, in this suit, Leo Pellegrino — a
saxophone player known as “Leo P” — alleged that Epic
misappropriated his right of publicity, and infringed and diluted
his trademarks by copying his signature move into an emote.
The court dismissed the majority of Pellegrino’s claims,
including his right of publicity, unjust enrichment, unfair
competition and trademark dilution claims.
The court also dismissed Pellegrino’s Lanham Act false
designation of origin claims as preempted by copyright law
under Dastar Corporation v. Twentieth Century Fox Film
Corporation, 539 U.S. 23 (2003).
In Dastar, the U.S. Supreme Court found that the term
“origin” for purposes of Lanham Act claims covers the
producer of commercial goods but does not extend to the
author of any idea or concept embodied in those goods.
The latter is exclusively covered by the Copyright Act.
In the instant case, the court found that Pellegrino’s
allegations establish that his signature move is the creative idea
underlying Epic’s emote. Thus, Pellegrino’s false
designation of origin claim is governed by copyright law, not the
Lanham Act.
However, the court sided with Pellegrino and did not dismiss
his Lanham Act false endorsement claims, noting that the
Supreme Court did not consider false endorsement in Dastar.
The court found that Pellegrino’s false endorsement claims are
related to Epic’s use of his likeness to create the false
impression that Pellegrino endorses Fortnite, which are distinct from
his claims relating to the origin of Fortnite’s emote.
AM General v. Activision Blizzard, No. 17-cv-08644
(S.D.N.Y. Mar. 31, 2020)
On March 31, 2020, the U.S. District Court for the Southern
District of New York granted a motion for summary judgment
filed by Activision Blizzard — the developer of the Call of Duty
video game franchise — to dismiss a trademark infringement
suit filed by AM General, the maker of Humvees.
The lawsuit alleged that Activision infringed AM General’s
trademarks by depicting Humvees in Call of Duty games. Activision
argued that its use was protected by the First Amendment.
The court applied the two-part analysis for use of trademarks
in artistic works, drawn from the U.S. Court of Appeals for the
Second Circuit’s decision in Rogers v. Grimaldi, 875 F.2d 994
(2d Cir. 1989).
- Under the Grimaldi test, the court must determine: (1) if the
use of the trademark has any artistic value to the underlying
work, and if so, (2) whether the trademark use “explicitly
misleads” as to the source of the work.
The court agreed with Activision and found that the use of
Humvees had artistic relevance because it increased the
realism of Call of Duty’s depiction of war, and that Activision’s use
was not explicitly misleading.
The court further noted that having some commercial
motivation for using a trademark does not preclude a defendant’s First
Amendment interest. Rather, a plaintiff must present evidence
that the defendant’s interests were “solely” commercial, and
that its First Amendment defense was purely pretextual.
Solid Oak Sketches, LLC v. 2K Games, Inc. et al.,
No. 16-cv-724 (S.D.N.Y. Mar. 26, 2020)
On March 26, 2020, the Southern District of New York granted
the motion for summary judgment of Take-Two Interactive —
the developer of the NBA 2K video game series — to dismiss a
copyright infringement suit filed by Solid Oak Sketches.
The lawsuit alleged that Take-Two infringed Solid Oak’s
copyrights by displaying tattoos that are depicted on several NBA
players, including LeBron James, in NBA 2K video games. Solid
Oak acquired the copyrights to the tattoos from the artists who
tattooed the players. Take-Two counterclaimed, arguing that its
uses were fair and de minimis.
Take-Two filed a motion for summary judgment to dismiss the
copyright claims and for an entry of declaratory judgment on its
counterclaims.
The court granted Take-Two’s motion for summary judgment
for three separate reasons:
1. Take-Two’s use of the tattoos was de minimis;
2. The tattoo artists had given the NBA players implied,
nonexclusive licenses to use the works in connection with their
own likenesses when the artists tattooed the players; and
3. Take-Two’s use of the tattoos to identify and depict
the NBA players was transformative and thus constituted
fair use. Take-Two’s display of the tattoos added new
meaning to the works by enhancing the realism of the video
game experience.
Patch Notes
New litigation filings and proposed legislation and regulations that may lead to important legal developments
in the video game industry
FTC Levies $4 Million Penalty Against App Developer
for Kids’ Privacy Violation
On June 4, 2020, the Federal Trade Commission (FTC)
announced that, in connection with a settlement with mobile
app developer HyperBeard, Inc., it was authorizing the
Department of Justice (DOJ) to file a complaint and stipulated final
order in the U.S. District Court for the Northern District of
California, seeking a $4 million penalty against HyperBeard
for violations of the Children’s Online Privacy Protection Act
(COPPA).
The FTC alleges that HyperBeard allowed advertisers to collect
personal information from children under 13 without notifying
parents or obtaining verifiable consent. Specifically, the FTC
alleges that users of HyperBeard’s apps are subject to
third-party app networks gathering persistent identifiers to track and
serve targeted ads, and that HyperBeard was aware that a large
number of its app users were children under 13.
Although HyperBeard disagreed with the FTC’s position that
its apps were directed at children under the age of 13, the
complaint highlights a number of factors the FTC and DOJ
allege demonstrate that HyperBeard knew (or should have
known) its apps were appealing to children, including:
- The use of words like “cute,” “adorable” and “silly” in
marketing the apps;
- The use of brightly colored cartoon characters, and in
particular animals, as the playable characters in the apps;
- The focus on kid-friendly activities, such as baking, coin
collecting, shopping and science experiments as the subject
matter of the apps; and
- The fact that HyperBeard had licensed the characters from
some of the apps to be included in children’s books, stuffed
animals and toys.
While the settlement includes a $4 million penalty, the FTC
stated in a press release that HyperBeard will be required to
pay only $150,000 due to its “inability to pay the full amount.”
However, the full penalty will be due if the FTC determines that
HyperBeard or its CEO misrepresented their finances.
FTC Commissioner Noah Phillips disagreed with the amount of
the penalty, describing it as disproportionate to the harm caused
by HyperBeard’s violation of COPPA. In particular, Commissioner
Phillips noted that unlike in other recent high-profile FTC actions,
HyperBeard has not been accused of sharing or publicizing the
information it obtained from children, or exposing children to
unauthorized contact from strangers.
FTC Chairman Joseph Simons responded to Commissioner
Phillips, emphasizing that while harm is an important consideration,
penalties under COPPA are primarily intended to deter harmful
and dangerous practices directed toward children.
The FTC is currently conducting an in-depth review of its
COPPA rule, and several commissioners are pushing for more
oversight and scrutiny of potential offenders. For example,
Commissioner Rohit Chopra recently expressed concerns
about third-party privacy policing programs that are designed
to shield their participants from COPPA liability, after the FTC
announced a settlement with another app developer, Miniclip
SA, that allegedly misrepresented its membership in one of
these programs.
Given the string of high-profile — and high-penalty — FTC
actions, Chairman Simons’ statements regarding deterrence
and the ongoing FTC COPPA review, any company with
consumers who likely include children under 13 would be
well-advised to ensure they remain COPPA-compliant.
Putative Class Actions Claim Loot Boxes Encourage
Gambling — Coffee v. Google LLC, 5:20-cv-3901 (N.D. Cal.
June 12, 2020); Taylor v. Apple, Inc., 5:20-cv-3906
(N.D. Cal. June 12, 2020)
In a pair of putative class action lawsuits filed on June 12,
2020, parents of children who have spent money on loot boxes
in apps downloaded from either the Google Play Store or the
Apple App Store allege that the presence of loot boxes in
games is akin to “Las Vegas-style slot machine[s]” and entices
children to gamble.
The complaints each allege violations of California’s Unfair
Competition Law and Consumers Legal Remedies Act, and
accuse Apple and Google of being unjustly enriched by the
practice of marketing and selling loot boxes in games that can be
downloaded from their respective platforms.
While neither Apple nor Google develops the games referenced
in the complaints, the plaintiffs allege that those companies
market and distribute the games, and act as “agents” for the
developers, taking a 30% commission in the process, and are
thus liable for the deceptive practices alleged.
The complaints also highlight actions that have been taken to
either ban or regulate the use of loot boxes in other countries,
including Belgium, the Netherlands, Japan and Austria, and
recount domestic efforts to address perceived problems with
loot boxes in games.
Ubisoft Files Lawsuit Against Alleged ‘Carbon Copy’ of
Rainbow Six Siege — Ubisoft Entertainment v. Ejoy.com
Ltd., No. 2:20-cv-4419 (C.D. Cal. May 15, 2020)
Ubisoft Entertainment, publisher of competitive multiplayer
close quarters battle game Tom Clancy’s Rainbow Six Siege
(R6S) filed a lawsuit for copyright infringement against game
developer Ejoy.com Ltd, which is owned by Alibaba Group,
alleging that Ejoy’s game Area 52 (Area F2) is a “near carbon
copy” of R6S.
In its complaint, Ubisoft highlighted alleged similarities in
the games’ respective map designs, weapons loadouts,
character options, sound effects, user interfaces and
scorekeeping elements.
Ubisoft also pointed to numerous consumer comments and
reviews comparing the two games, and describing Area F2 as
essentially a mobile port of R6S.
In addition to Ejoy, the complaint included claims against
Google and Apple related to their continued distribution of Area
F2 through the Google Play and Apple App stores, despite
Ubisoft’s requests to remove the app.
On May 19, 2020, Ejoy announced that it would be terminating
the current version of Area F2 in order to “carry out
improvements” and “deliver a better experience to players.”
On May 22, 2020, Ubisoft voluntarily dismissed its action
without prejudice.
Putative Class Action Complaint Alleges Design Defect in
Xbox One Controllers — McFadden v. Microsoft Corp.,
2:20-cv-640 (W.D. Wash. Apr. 28, 2020)
On April 28, 2020, Donald McFadden filed a putative class
action alleging that Microsoft Corporation’s Xbox One
controllers contain a design flaw that can cause the controllers’
joysticks to register “phantom inputs” (also known as “stick
drift”) and thus thwart accurate gameplay.
McFadden alleges that Microsoft has been aware of this
design defect since at least 2014, pointing to numerous online
reviews and complaints, as well as warranty requests made by
consumers to Microsoft. Nevertheless, despite this knowledge,
McFadden alleges that Microsoft continued to not only produce
the defective controllers but touted the controllers’ precision
and capabilities in advertising.
In particular, McFadden highlighted Microsoft’s advertising for
its Elite controllers, which McFadden alleged he purchased in
order to improve his ability to play first-person shooters, his
favorite type of game.
McFadden also criticized Microsoft’s controller warranty, which
lasts 90 days (as opposed to a year for the console itself),
and alleged that Microsoft inappropriately refused to repair or
replace defective controllers.
The complaint contains a single cause of action for violation of
Washington’s Consumer Protection Act.
Microsoft has yet to appear in the action.
This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for
educational and informational purposes only and is not intended and should not be construed as
legal advice. This memorandum is considered advertising under applicable state laws.
One Manhattan West / New York, NY 10001 / 212.735.3000
525 University Ave. / Palo Alto, CA 94301 / 650.470.4500
Contacts
Anthony J. Dreyer / Partner / New York / 212.735.3097 / anthony.dreyer@skadden.com
James Y. Pak / Counsel / Palo Alto / 650.470.3197
P. Anthony Sammi / Partner / New York / 212.735.2307 / anthony.sammi@skadden.com
David M. Lamb / Associate / New York / 212.735.3421
Jordan Feirman / Counsel / New York / 212.735.3067 / jordan.feirman@skadden.com
Andrew K. Patrick / Associate / New York / 212.735.3291