Investing in Privacy and Security
Privacy
Our Global Privacy Principles follow globally recognized privacy tenets and best practices, and our Privacy Policy seeks to provide transparency regarding our data practices.
Our Approach
Privacy-by-design is more than just a concept at Electronic Arts. It’s a practice that is embedded in our policies, processes and operations. Following globally recognized privacy tenants and best practices, we contemplate privacy throughout the lifecycle of our games, services, events and initiatives. The Global Privacy Program is under the oversight of our Chief Privacy Officer, who leads a cross-functional team in the review of all games or initiatives that process player or employee personal information.
Our players are increasingly conscious of how they want their data used and global regulations are becoming more prescriptive. In this environment, we work to create player-first privacy practices that identify potential risks and address potential concerns over the processing of personal information. Our Privacy Policy seeks to provide transparency regarding our data practices, and we look for ways to provide our players with controls over how their data is used. As always, we stand committed to our Global Privacy Principles, which follow internationally accepted best practices for processing personal information.
We do not design functionalities or “back doors” into products or services that would allow entities, including governments, to circumvent security features or otherwise compromise the security of our products and services in ways that could infringe on individual privacy rights. We also seek to protect against unauthorized access, use, destruction, modification, or disclosure of personal information through the constant vigilance and safeguards enabled by our Security teams.
Global Privacy Principles
Transparency
EA strives to disclose how we collect, use, share, or otherwise process personal information in a way that is accessible and easy to understand.
Notice, Consent, and Choice
EA notifies players and employees of our data practices, including the types of data we collect, where it is stored, how and why we use it, how to contact EA, and how to exercise data privacy rights. EA also offers reasonable and appropriate choices on personal data use and we obtain consent, where appropriate, before processing personal information.
Data Privacy Rights
EA provides players and employees the right to access, update, correct, and request deletion of personal information.
Security and Integrity
EA implements reasonable safeguards to protect against the theft, inappropriate use, or unauthorized disclosure of personal information and promotes the overall integrity of information and systems.
Accountability and Enforcement
EA provides reasonable ways to resolve complaints and disputes and respond promptly to inquiries, requests, or complaints.
Data Minimization and Purpose Limitation
EA strives to limit processing of personal information what is relevant or necessary to accomplish specific purposes disclosed to our players and employees and deletes or anonymizes data when it is no longer needed.
Security
We take a risk-based approach to addressing security threats that includes control layers across all aspects of our games, services, and infrastructure. Our security management system (SMS) is based on standardized security frameworks from recognized organizations such as the International Standards Organization, the National Institute of Standards and Technology, and the Center for Internet Security.
We have an extensive network of guidelines and playbooks to ensure adherence to relevant security protocols throughout our operations. In addition, all our employees are required to complete mandatory annual security training. Electronic Arts also maintains controls and procedures designed to assess and mitigate risk with partners that are able to access sensitive or personal information, resources or data.