The £1m question: How does confidentiality work in UK law?

Red Dead Redemption 2 is the source of many incredible stories and not all of them are set in the wild west. The game attracted incredible media attention, with every site vying for the immense web traffic circulating the game. While that was lucrative for some, it proved very costly for one website. Trusted Reviews ended up paying out £1m to charity in compensation for leaking Take-Two’s confidential information about the game.

It seemed timely then to look at where the letter of the law lies in respect to the relationship between those who hold confidential information and those they share it with, how you can keep such information secure and what can and can’t be published without risk of legal sanction.

Thankfully, it’s far from the wild west out there, so know the rules and you’ll be just fine.

All the advice here applies to developers, publishers, PRs and journalists – and it applies equally to games, hardware, tools and services (we’ll just say ‘projects’ from here on in). Confidential information is constantly being shared between these groups and not simply in the PR to press relationship. So whatever your business, it’s worth taking this advice into account.


The games industry transmits a huge amount of information every day. With the vast majority which comes into the public domain being specifically designed for that purpose. Such press materials might leak early, but the big stories usually come from information that was never intended for public consumption.

It’s fairly rare for design documents or internal memos around a project to leak – though Rockstar and Take-Two are far from alone in this regard, as Ubisoft’s Mario + Rabbids Kingdom Battle leak in May 2017 clearly demonstrates.

Leaks may end up with journalists, but they rarely start with them. The press is far from the only external group who will be involved with the project. Publishers, investors, platform holders, manufacturers, retailers, merchandisers, creative or marketing agencies and many, many more will see information that is not yet, or not ever, intended for public release.

With all these potential avenues for leaks, we ask Alex Tutty, who heads the computer games department at law firm Sheridans, what the law can do to protect your project’s secrets.

“What the Take-Two vs Trusted Reviews matter illustrates is the importance of the law of confidentiality,” he says.

In layman’s terms, something is confidential when its been told to you in confidence, when it’s made clear that this isn’t intended for public disclosure, the information is not in the public domain already, and it would be potentially damaging if revealed publicly.

Mark Phillips, partner at Harbottle & Lewis, suggests protecting your confidential information with a three-step hierarchy: “Bare minimum is you tell people it’s confidential, next step up is that you watermark everything and slap confidential on it, third level – and the best level – is get them to sign an NDA.”


The NDA is the most conspicuous weapon in the legal armoury of confidentiality. Many journalists have signed more of these than they’ve had free mini burgers – quite a feat – and often without ever reading them beyond noting the embargo date itself. Read or not, the NDA is well worth the effort, Tutty tells us.

“The best way to protect confidential information is expressly, with an agreement such as an NDA. They create a direct contract between the discloser and the recipient which allows the disclosing party to take legal action not just under the law of confidentiality but also for breach of contract. They also help demonstrate that the information is confidential. We would also recommend marking correspondence that is confidential as such.”

In fact many of us already do, thanks to those lengthy email signatures appended to your every missive.

“[NDAs] can be agreed electronically and by correspondence or conduct,” Tutty continues. “It is always best to have a signed document – using DocuSign or on paper if you are old fashioned – but a response to the receipt of an NDA confirming the terms are agreed would be sufficient in most cases to demonstrate that a party agreed to those terms.”

So while signing on the dotted line is great, the modern method of simply replying to an email, with an agreement of the terms, works too.

NDA’s aren’t just for journalists, though. Many others can also be made to sign an NDA in order to ensure that your project’s secrets are protected. However, not everyone will be willing to do so, Phillips tells us.

“If you go and pitch ideas to venture capitalists (VCs) often they won’t sign an NDA. They get punted ideas all the time, and will say: ‘If we don’t like your idea but we go with someone else with a similar idea, then we don’t want you arguing that we’ve taken the idea’. So a lot VCs are wary of signing NDAs and, if they do, it’ll be their own NDA with a big carve out to deal with the point
just mentioned.”


With some unwilling to sign, and many more potentially receiving confidential information without your express permission, it’s good to know that even without an
NDA your project’s secrets are still protected by law, Tutty explains.

“While NDAs are a contract between two parties that the receiving party will not disclose the confidential information, the law of confidentiality can, in certain situations, imply a duty of confidentiality to a third party even where there is no contract,” he says.

Because of this, “marking materials as confidential is always advisable,” he adds, “as this could mean if a third party receives this information, they cannot use it without the developer’s consent.”

So even if you never signed an NDA, you can’t simply print confidential information without the owner’s consent. Which is what happened between Take-Two and Trusted Reviews. So is anything with ‘confidential’ stamped on it simply a no-go zone?

“To state the obvious, if something isn’t confidential you can’t make it so simply by stating it,” Phillips replies. “If it’s already in the public domain then you can’t just put a sticker on it saying ‘confidential’.”

Tutty adds to this, saying: “You cannot seek to gag one party from using information which is publicly available from other sources.”

While we were talking about confidentiality, the phrase ‘off the record’ came up a few times. Both Tutty and Phillips said the phrase had no legal meaning and that telling someone something is ‘confidential’ was a much better idea if you really didn’t want it leaked. Of course the phrase is pretty ambiguous anyway, as it often infers that the speaker is happy for the information to get out, but just doesn’t want it attributed to them.

Our advice: say what you mean. ‘Confidential’ or ‘not attributed’ are far clearer terms.


So if everything is confidential, then what about freedom of speech you might be thinking? Well that’s the “hot issue,” Phillips explains to us. The conflict between freedom of speech and confidentiality (or the right to privacy as it’s often called when talking about individuals) is very much ongoing.

“[Confidentiality] is sometimes seen as the big powerful person trying to gag someone, but actually it’s there for everybody. Frankly it’s an absolute given, certainly within the commercial world,” Phillips explains.

Effectively the same legal principle that keeps your project’s details from leaking also keeps all our private lives off the front page of the papers. One defence for leaking confidential information is that it’s in the ‘public interest’ to do so, but it’s not always clear what exactly that commonly-used phrase covers.

“The threshold to meet public interest is applicable to the wider general public, not just the gaming public,” Tutty points out. Which means the details of the next Halo game, or even Microsoft’s next games console, are unlikely to be covered by such a defence.

“What’s in the public interest isn’t necessarily what a journalist thinks is in the public interest,” says Phillips. “It isn’t what a journalist thinks the public might be interested in either. Think Watergate,” he adds, providing a proper example of a public interest defence.

Tutty explains: “Examples of instances where confidentiality has been outweighed [by public interest] are cover-ups of criminal behaviour, financial irregularities, dangers to public health and deliberately misleading the public.”

And while many of those have occurred in the industry, such exceptions are unlikely to cover most leaks around projects and products – unless those next-gen consoles have something truly malevolent at their cores.

And further to that, do not think that just because information has been leaked elsewhere, that it can then be reproduced without repercussions. A journalist may believe that largely ignored post on Resetera amounts to the information being ‘public’ but if a website with a large following then publishes that information, it may well be the site, not the original post, that’s in breach of confidentiality.


Despite the law being pretty squarely on the side of confidentiality, we see very few court cases regarding such leaks though.

“I would suspect that no publisher wants to annoy the press if it can be helped…” Tutty posits when asked about the rarity of court cases in the industry. And it’s not just your most powerful critics you might anger. Pursuing legal action against a website with a big, passionate audience could also create a consumer backlash as well.

Sometimes the old adage of ‘all publicity is good publicity’ can apply. After all it’s arguable that Mario + Rabbids actually benefited from its leak in the long run, with initial fan umbrage at the concept being sweetly reversed when Ubisoft showed the game in its full glory at E3 2017.

Tutty continues: “Often [the publisher] might not actually suffer any loss, making any legal action a pyrrhic victory.”

After all, you don’t want the expense of taking someone to court if there are no damages to collect.

“The basic premise is that the disclosing party [the publisher in our examples] should not be left out of pocket by the leaker. Typically the disclosing party would only take action if they had actually suffered loss as no one really likes legal fees for the sake of legal fees,” Tutty says, adding: “Except maybe lawyers.”

Phillips continues: “Once leaked, you would then prove loss, and it’s not hard to prove loss in that situation.”

Rather than demonstrating that the leak affected your final sales figures, which would be tricky, you could show that it had disrupted your expensive marketing plan or prevented you giving an exclusive on that information to another outlet, which may then have reciprocated with a certain level of coverage for the game.

“99 per cent of matters don’t go anywhere near court, for obvious reasons, but you always talk about the court because that’s the ultimate arbiter,” says Phillips.

And those ‘obvious reasons’ are money, with court costs for such cases being potentially huge.

A settlement made before court would save a lot of money, Phillips explains, and would be based around what would likely happen should you go to court anyway: “A good lawyer will always try and encourage people to sort it before it goes to court, because it saves a fortune.”

That means there are cases that are settled well out of the public eye.


Most of us simply never want to end up in court – we barely have time to do our jobs, let alone get caught up in a legal case. Even if you win, a case can suck the energy out of a company for months, even years.

Better to keep your secrets secret, Phillips tells us: “Train your workforce, put in place practical measures to reduce leaks, or if it’s really sensitive then put in place procedures to try and identify who is responsible,” such as unique identifiers on confidential materials.

And, for journalists, if that incredible scoop should land in your lap then it’s worth considering the advice of many libel lawyers who give media training: be conscious of your subject’s tendency to take legal action. Elton John for instance is famously libellous, having taken numerous publications to court over the years, and the press is now rightly cautious with stories concerning him as a result.

We’ll leave you to make up your own list of gaming’s most litigious companies, but three come to mind straight away, and that’s a list we’ll now be adding Take Two and Rockstar to as well. 

About MCV Staff

Check Also

Insomnia Gaming Festival i69 to host exclusive Intel Arc graphics card reveals and more

The Insomnia Gaming Festival will return to the NEC in Birmingham this August