By Sam Pfeifle
Publications Director

With gamification making its way further and further into mainstream marketing and corporate efforts, it only makes sense that privacy-awareness advocates would get into the game.

Privacy professionals should get a kick out of Data Dealer, a new browser-based game, which will eventually be integrated into Facebook like the popular Zynga games (et al) and takes a satirical and ironic approach to the world of data collection and sale. Currently, it’s only in demo stage, as developed by a non-profit team of coders based mainly in Vienna, Austria, but with collaborators in Germany, Switzerland and the U.S. It was originally released in German last fall, and has now been released in an English version in the past week.

With a self-described background as “open source advocates, web developers, theorists, historians, artists, activists, mathematicians, educators, punk rockers, noise musicians, designers and illustrators,” the team has created a very playable and thought-provoking game that illustrates the vast array of personally identifiable information companies can and do collect from varying sources and for varying monetization plans.

You can get a preview of how the game works here:

But, as a longtime gamer, this reporter thought he’d take a swing at actually playing the online demo. Here’s how that went:

Firstly, the game is very accessible as it’s currently constructed. Data Dealer worked seamlessly in Safari on a MacBook Pro over conference wireless at the hotel here at the IAPP Canada Privacy Symposium in Toronto (hey, there’s got to be something to do when the first staff meeting is at 5:45 a.m.).

You’re first presented with a “database,” which sort of looks like an ugly telephone (it’s meant to be a computer, I think), and since it’s a demo you find yourself mid-way through the game. Your goal is to get to eight million fully stocked personal profiles, and you sit at just over a million. I find myself with $5,000 in the bank, on “level 3,” and with zero percent risk.

Hmmm, what’s the risk do?

There are essentially three dynamics at play: You can buy data from shady sources; you can invest in online data collection practices like online dating sites and loyalty card programs; and then you can sell data to willing customers, such as the Central Security Agency. The gameplay works like lots of other click-farm kind of games: The more payoff is involved, the longer you have to wait for it.

PII that is easy to get: home addresses, first and last names, postal codes. PII that is harder to get: debt information, income, IP addresses, preferred computer games.

Time to dive in. First thing, I pay Steve Sneak for some data. $100. I have to wait 30 seconds for it. I wind up with info about tanning booth visits, plus some email addresses, etc. Then, I make a deal with Star Mart and sell them a bunch of info for $240; they want it for their human resources department, apparently. Now, I invest in a sweepstakes site and a dating site to get more data. It makes me wait about a minute. I collect and import about 12,000 new records. I need about 7,000,000 more. This could take a while. My risk factor is up to 26 percent already.

I sell some data to the central security agency for $460. They take a while, but they pay pretty well.

Now I start to go crazy. I invest in loyalty cards. In personality tests. I make it to level 5! I get three new sources of data. One is “Barnie Maddog,” who puts me in touch with new shady characters. Paul Peeves is a foreclosure artist. He’s selling some tasty data; I’m buying. Beverly Compton-Burr works at the department of education. She’s in over her head with her penthouse apartment and is willing to sell access to her database. I make a deal for data.

I get about 60,000 new profiles that way and some sweet identifiers: Relationship status. Chronic illnesses. Sexual orientation. Height. Diet. Political attitude. I sell to everyone. To the CSA, to the National Rental Housing Company, to the Health Insurance Company, to Star Mart again. I’m drunk with data. I make well over $1,200 and don’t spend nearly that much.

But my risk is up to 46 percent. I’m on level 6 without even really realizing it. I’m buying from Uncle Enzo, a decidedly shady character who mines the Internet; from the nurse again; from the sneak again.

Finally, boom! I run up against a privacy protest.


I have to pay $1,200 for an image-rehabilitation campaign. A small group of advocates whack me in the figurative kneecaps. But I quickly collect $900 from my data sale and I barely notice the hit I take.

This would be where the cynicism comes in from the programmers. It doesn’t seem like I need to worry much about protestors and regulators. I’m running free. I’m trading data like baseball cards in 1987. After my image campaign, my risk goes all the way back down to 9, too. So, I feel mighty empowered. Uncle Enzo is the jackpot, by the way. Fifty thousand records at a time. For like $120. The Loyalty Cards are generally the most successful collection method, but the dating site gets me solid profile information, too.

Really, though, after about 20 minutes, I’m basically treading water. I’m just over $5k in assets. I’m still only at 1.5 million records. There’s a loooong way to go. And since this is a demo version, I can’t save my progress.

At level 8, I pick up some “age at first sexual encounter” data. What would I even use that for? Who cares? The CSA will buy it. I notice my payouts are starting to be much more substantial, more than $700 from each firm at times. Next time, I get $830 from the health insurance company!

Shockingly, the game keeps me occupied for almost half an hour - long enough that my butt sort of falls asleep in the chair. Unfortunately, there doesn’t seem to be a way to go out in a blaze of glory. I buy from all the shady characters I can. I sell like I’m on a used car lot. But all that happens is another measly protest and a $1,200 hit.

I switch it off. Time for a coffee and (fittingly) a pre-conference session on Big Data and privacy. I’m a little sad to see the game go, but I’m also kind of bored. I haven’t earned any new shady sources or willing buyers in a while.

Will this game be successful in a Facebook environment? Possibly. As click-games go, this is sort of fun. The graphics are entertaining and amusing and it’s fun to watch the data flow from the shady characters to the database and then from the database to the companies who are looking to buy. But there will need to be more incentives in order to keep people hooked for long.

Will this game be successful in educating people about how data is used? Almost definitely. Playing forces you to think about all the data being collected about you on the Internet and who’s collecting what. Do most people think of loyalty cards as a data collection scheme? I don’t think so. If they play this game, though, they will. Do people see online dating sites as collection farms? I doubt it. They think they’re getting something for paying a small fee to create a profile. They likely don’t realize that the data they enter will be sold off to create another revenue stream entirely for their favorite hook-up site.

This makes the commerce of data playfully obvious. I’d recommend giving it a spin yourself, but also promoting it through your organization as a way to drive home the value of data and how people are looking to use it. Perhaps that will help emphasize the necessity of privacy and security controls.

But watch out: It could also harm your company’s productivity…

Read More By Sam Pfeifle:
What Went Wrong at Bloomberg, and Where Do They Go Now?
The Impact of SP 800-53: Putting Privacy and Security Side-By-Side
Will the White House Soon Have A Chief Privacy Officer or Not?
The BYOD Dilemma: What’s Yours and What’s Theirs?


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»