Halfbrick is one of the most well-known indie mobile game development companies, famous for several games including the popular Fruit Ninja and Jetpack Joyride. On the forefront of the Australian game development industry, Halfbrick’s games have garnered hundreds of millions of downloads and have over one million players a day between Fruit Ninja and Jetpack Joyride alone.

With the large number of users that play their games, Halbrick understands the importance of privacy as part of their business model. The company has conducted numerous surveys and customer case studies and one thing is clear: privacy is essential to their customers.

“Our customers have reached out to us and told us privacy is important to them; that makes it a massive priority for us as a company” said Paul Howatson, IT Manager at Halfbrick.

New Player: Changing from an Australian to a global privacy mindset

As an Australian company, Halfbrick’s original approach to their privacy program was from the perspective of the Australian privacy principles and regulations. “We were aware of the GDPR a long way out, but it took a while to discover what the implications would be for us as a company, and this was about the time we began to look at OneTrust,” said Howatson.

After Halfbrick conducted a privacy audit and worked out where the gaps were in their privacy program, they were in search of a tool to properly document all the different systems the company uses and what information they collect. When looking at OneTrust, the Data Mapping and Assessment Automation tools are what first caught Howatson’s eye. It was a priority for the Halfbrick team to have a tool that can go through the processing activities and then work to ensure they are collecting only what they need to, storing it securely and disposing of it when there’s no longer a legitimate business purpose.

“When we looked for other tools, we couldn’t find anything we couldn’t do better ourselves,” said Howatson. “OneTrust was the first product that we knew would add additional value to our business.”

Cheat Codes: A flexible approach to innovation and data protection 

The seamless onboarding process of the OneTrust tool was incredibly valuable for the Halfbrick team. “We were particular about how we wanted things to work, and OneTrust was very open to feedback we gave initially, jumping into the system and making changes for us,” said Howatson. “This ultimately made the onboarding process much smoother for everyone.”

As IT Manager at Halfbrick, it’s important to Howatson that all Halfbrick departments can use the tools and apps they need to do their jobs. On the flip side, this means more work for the IT team to keep track of the different types of software or apps that may access personal data. With OneTrust, Howatson can empower his team to use their tools of choice without compromising privacy. “It was a massive process to put all our assets into data mapping,” said Howatson. “We found it beneficial on every side from privacy and security to general IT; because of OneTrust we can enable innovation while still maintaining data protection.”

 After going through the data mapping process, Halfbrick was able to assess their processing activities. Halfbrick collects information from users in many different ways, from the games themselves, to bringing in users to test new features and other marketing activities. Once the company recognized where the gaps were, they were able to mitigate those and develop a robust and mature privacy program.

Lastly, the Halfbrick team also uses OneTrust for cookie consent and were able to quickly run cookie scans and implement a cookie banner for their website.

Gaming the System: Developing a Culture with Privacy at the Forefront

The hard work that Halfbrick’s privacy team put into their GDPR preparation has set the solid foundation for their privacy program. However, as privacy laws continue to evolve and change and new regulations come out more frequently, Howatson knows there is still work to be done.

On top of the Data Mapping and Cookie Consent tools, Halfbrick is looking to expand their program to add OneTrust’s Universal Consent module, reimplement OneTrust’s Data Subject Rights Management (DSAR) and Assessment Automation tools as well as expand informed consent, which is already built into their games with users in the EU region.

With Halfbrick’s team now aware of the impact of the GDPR from new and updated trainings, privacy is at the forefront of their minds. This allows them to look at their work from a privacy point of view, whether implementing new features into the games or conducting marketing surveys and other activities.

“If someone knocked on our door tomorrow for a privacy audit we can tell them exactly what we’re collecting, exactly where it is, how it’s secured and how we’d delete it,” concluded Howatson. “We wouldn’t be able to accomplish that without OneTrust.”