No sense having fun in an unsafe and dangerous environment, especially when young player and vulnerable adults take part in it. Asking people to provide personal information and sensitive data, which then uncontrollably are made available to other players in the game, should be one of the main considerations to avoid on behalf of any game designer. There no two ways about it, as you have to design and deliver a game where you are perceived actually are trustworthy to make your user feel safe. Customers should feel comfortable with the data they enter (email, passwords, bank info, etc) and know and trust how their data is being used. While in the past, this was left to the game designer’s own device and compliance, today international regulations like GDPR not only will enforce that but will also pursue legal action resulting at minimum into really high fines, to say the least.
Of course, when first starting to create a game it is not vital to have all features as they can be added later. However, before even typing the first line of code it is essential that at least a set of goals to be achieved should exist as plan. But no game can be created without the desire of the creator.