Ubisoft in the sights of European human rights activists: the company is accused of collecting data and requiring constant online connection in single-player games
The European human rights organisation NOYB (None Of Your Business) has filed a lawsuit against the gaming industry giant Ubisoft, known for the Assassin's Creed and Far Cry series. The reason for this was serious concerns about the company's data collection practices and mandatory internet connection even for single-player games.
Here's What We Know
The Austrian non-profit organisation NOYB took up the case of a Far Cry fan who asked Ubisoft to provide information about the data collected about him. NOYB lawyers argue that Ubisoft is in flagrant violation of the GDPR (General Data Protection Regulation), and now the company faces a potential fine of up to €92 million.
NOYB, founded by renowned privacy advocate Max Schrems, has experience in high-profile cases, including exposing the transfer of personal data of Europeans to the United States for use in the PRISM mass surveillance programme.
In the case of Far Cry Primal, Ubisoft informed the user that it collected standard data: game start time, game session duration, and game completion time. However, according to NOYB, the analysis of the data showed connections to external servers 150 times during 10 minutes of play, which the organisation calls "covert data collection".
Regarding the requirement for a constant online connection, Ubisoft explained to the user that it was necessary to confirm ownership of the game during its launch. NOYB countered that since the copy of Far Cry Primal was purchased via Steam, the verification could have been done through this platform without additional login to the Ubisoft account.
In its complaint, NOYB emphasises that according to the GDPR, data collection should only take place when it is "necessary", otherwise it is "unlawful". Interestingly, even Ubisoft's advertised ability to play PC games via Ubisoft Connect offline still requires an initial network connection.
In a conversation with Ubisoft support, the user was informed that acceptance of the End User Licence Agreement (EULA) means consent to Ubisoft's use of "third-party analytical tools to collect information about your and other users' gaming habits and product usage". In turn, acceptance of the Game Privacy Policy means that you agree to Ubisoft's collection of "game data to improve your experience and the security of our Services" and "login and browsing data to ensure the operation and security of our Services".
NOYB's argumentation is based on whether the user accepted the EULA simply by playing the game (the complaint claims that this is not the case), whether the data collected was personal (the complaint claims that it was), and whether its processing was lawful (the complaint claims that it was not).
Thus, the human rights organisation demands that Ubisoft change its practices in accordance with the GDPR and impose a significant fine on the company, "given that millions of users have been affected by these actions".
Source: Eurogamer
