We are also subject to evolving laws and regulations that dictate under what circumstances we can transfer, process and/or receive personal information that is critical to our operations, including data shared between countries or regions in which we operate. For example, in July 2020, the European Union-U.S. Privacy Shield was invalidated by the Court of Justice of the European Union (“CJEU”). While the EU and the UK issued new Standard Contractual Clauses, such transfers of European personal information continue to be subjected to regulatory and judicial scrutiny. If we are unable to transfer data between and among countries and regions in which we operate, or if we are restricted from sharing data among our products and services, it could affect the manner in which we operate and require us to change our data processing policies and measures, which may be burdensome and difficult to undertake successfully, and could adversely affect our financial results.
Due to the rapidly changing nature of these data protection laws, there is not always clear guidance from the respective governments and regulators regarding the interpretation of the law, which may create the risk of an inadvertent violation. Efforts to comply with these and other data privacy and security restrictions that may be enacted could require us to modify our data processing practices and policies and could significantly increase the cost of our operations. Failure to comply with such restrictions could subject us to criminal and civil sanctions and other penalties. In part due to the uncertainty of the legal climate, complying with regulations, and any applicable rules or guidance from self- regulatory organizations relating to privacy, data protection, information security, and consumer protection, may result in substantial costs and may necessitate changes to our business practices, which may compromise our growth strategy, adversely affect our ability to attract or retain players, and otherwise adversely affect our business, financial condition, and operating results.
Any failure or perceived failure by us to comply with our posted privacy policies or terms of use, our privacy-related obligations to players or other third parties, or any other legal obligations or regulatory requirements relating to privacy, data protection, or information security may result in governmental investigations or enforcement actions, litigation, claims, or public statements against us by consumer advocacy groups or others, and could result in significant liability, cause our players to lose trust in us, and otherwise materially and adversely affect our reputation and business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to us may limit the adoption and use of, and reduce the overall demand for, our games.
Additionally, if third parties we work with violate applicable laws, regulations, or agreements, such violations may put our players’ data at risk, or result in governmental investigations or enforcement actions, fines, litigation, claims, or public statements against us by consumer advocacy groups or others, and could result in significant liability, cause our players to lose trust in us, and otherwise materially and adversely affect our reputation and business. Further, public scrutiny of, or complaints about, technology companies or their data handling or data protection practices, even if unrelated to our business, industry, or operations, may lead to increased scrutiny of technology companies, including us, and may cause government agencies to enact additional regulatory requirements or to modify their enforcement or investigation activities, which may increase our costs and risks.
Security breaches or other disruptions could compromise our information or the information of our players. If we sustain cyber-attacks or other security incidents that result in data breaches, we could suffer a loss of players and associated revenue, increased costs, exposure to significant liability, reputational harm, and other negative consequences.
Our business involves the storage, processing, and transmission of certain proprietary, confidential, and personal information of our players. We also maintain certain other proprietary and confidential information relating to our business and personal information of our personnel. Despite our security measures, our information technology may be subject to cyber-attacks, viruses, malicious software, break-ins, theft, computer hacking, employee error or malfeasance, or other security breaches. Hackers and data thieves are increasingly sophisticated and operate large-scale and complex automated attacks. Experienced computer programmers and hackers may be able to penetrate our security controls and misappropriate or compromise sensitive personal,
10