It looks like you're new here. If you want to get involved, click one of these buttons!
There is still significant question whether the EU will be able to enforce the GDPR against companies with no actual presence within the EU.
They tried to solve this be adding a requirement that if a company "knowingly" intends to market within the EU, they must establish a representative within the EU, presumably to receive any legal actions including fines.
Problem is, they can't actually force anyone to do this anymore than insure any fines levied can be collected.
It seems they left the actual enforcement provisions outside of the GDPR with references basically saying according to international agreements which will be determined later.
Such agreements may never come. For example, the EU considers IP addresses to be private data, the US doesn't. Will a US judge or legal entity actually agree to enforce this, that's for a future court to decide.
Some point out generally the US and EU cooperate on reciprocal agreements. It was also noted German courts normally frown on US court punitive damages as recently happened to Blizzard and their judgement against the cheat software firm located in Germany.
I found two pretty good articles/ discussion threads on this subject, and clearly this is in the realm of something which should be dealt with under the advice of competent legal counsel.
Bottom line is, its quite possible smaller firms like many indie developers might not have to really comply, because enforcement actions will likely be centered around larger firms with an EU presence.
Might want to consider moving that German website outside of the EU, or they may end up designated as the representative.
.https://community.spiceworks.com/topic/2007530-how-the-eu-can-fine-us-companies-for-violating-gdpr
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
Comments
It's not like you see every site every having cookie tracking warnings when you visit them. You only see them on a few big websites.
Practice doesn't make perfect, practice makes permanent.
"At one point technology meant making tech that could get to the moon, now it means making tech that could get you a taxi."
https://www.reuters.com/article/us-facebook-cambridge-analytica/trump-consultants-harvested-data-from-50-million-facebook-users-reports-idUSKCN1GT02Y
Also, appropriate legal investigations are already underway, without any more additional laws.
But this discussion isn't about US politics, its about the impact of compliance on smaller gaming firms without the funds to do detailed legal analysis and compliance activities.
But firms like EA and WOW will certainly have to comply, and certainly can well afford to do so.
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
“We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis that the entire company was built on,” Wylie told the Observer.
https://www.reuters.com/article/us-facebook-cambridge-analytica/trump-consultants-harvested-data-from-50-million-facebook-users-reports-idUSKCN1GT02Y
I read it and i can assure you i was not on a mission to derail your thread. You dont need to be a rocket science engineer to understand that democracy was attacked. That was the entire point with the company Cambridge Analytica that now is bankrupt.
Since you dont seen to appreciate a wider discussion in the matter i see no point in further replies.
Facebook's entire business model consists of getting people to input their personal information and then trying to profit off of using people's personal information. That Cambridge Analytica managed to extract and use personal information in ways that Facebook didn't approve of isn't any worse than what Facebook itself does to its own customers every day.
As the saying goes, if you're not paying for a product, you are the product. If you use Facebook, you are the product. Whatever you input on Facebook, you should assume that it will eventually be open for all the world to see and with your name attached to it. If you don't like that, then don't use Facebook.
Ideally, the compliance costs for small gaming companies would at most consist of paying some minor fee to implement a standard solution that is for sale. We don't want them to aim at Facebook and accidentally smack small, independent game studios instead. Whether that will happen depends tremendously on the details.
I am sorry to say, but US , since your "awesome duck" has come into power, has done nothing but harm EU.
If this will harm the gaming industry , is yet to be seen, but I doubt it will. Actually is ..somehow cleaning it.
Reporter: What's behind Blizzard success, and how do you make your gamers happy?
Blizzard Boss: Making gamers happy is not my concern, making money.. yes!
Your personal information is more than likely already sold and resold to multiple info brokers.
What the article is trying to address, and I wonder about it, is how EU will protect their people. The US has shown it cares not. "When in Rome..." comes to mind, and how local laws trump national laws, like if a German committed murder here in the US, say in Texas, they would be tried based on Texas law, not EU law, I think (I'm no lawyer). The Internet is a "sticky wicket", so to speak, crossing boundaries freely without actually (physically) crossing boundaries. No ONE country owns, runs, or controls the Internet.
Also, for the "voting tampering" hubbub... I believe that any sane human would realize that given a choice between Hillary and Donald, Russia would much rather have the "bend over backwards for peace" Hillary in power instead of "meaty tweety" Donald Trump. Just my opinion.
- Al
Personally the only modern MMORPG trend that annoys me is the idea that MMOs need to be designed in a way to attract people who don't actually like MMOs. Which to me makes about as much sense as someone trying to figure out a way to get vegetarians to eat at their steakhouse.- FARGIN_WAR
I'm not saying that there shouldn't be regulations to protect customer privacy. I am saying that, if you're aiming at Facebook, then hit Facebook and not a bunch of other companies that weren't the problem. And maybe they will, but it depends on the details that no one on this site will bother to investigate and understand. To say that you unequivocally support or oppose the regulations is based mostly on ignorance.
Most PC/Console games aren't trying to collect tons of your personal data.
All those "free" mobile/web-based/casual games, on the other hand....
I could see more small devs setting up licensing agreements like Portalarium did, especially with firms in Russia which isn't actually a great respector of other nations rules and regulations.
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
And lets be honest literally do, since of course your mom is going to play a game you worked on, and of course your company is going to sell her data (there's a reason they grab everything from contact lists to photo albums).
Practice doesn't make perfect, practice makes permanent.
"At one point technology meant making tech that could get to the moon, now it means making tech that could get you a taxi."
Yes, I realize that I'm wandering into "no true Scotsman" territory here.
On the tech side of things, compliance actually doesn't seem all that difficult. You need to understand what all the personal data you are collecting is, what it's being used for and where it's being stored. Assuming you aren't doing anything dodgy with the data, compliance for most of our clients so far just involves a greatly improved privacy policy (which has to explain all the uses of data) plus a load of consent capture mechanisms that we now have to make use of (for example, customers can opt out of automatic processing of their data if not vital to delivery of the service).
The harder side of things is getting everyone to change their mindsets when it comes to personal data. For example, our developers routinely copy live database onto their local machines so that they can work on a website with the latest data. We can no longer do that without anonymising the databases. Likewise, we have tons of clients who write personal data down or print out data and leave it lying around. Again, they're no longer allowed to do that unless they have a valid reason or unless they delete/destroy the data once they've finished using it.
Outside of the EU I am given to understand compliance is actually harder than inside the EU. In a discussion over on MOP, someone was trying to explain to me that if an EU client leaves a US business, the GDPR means they have to delete all data about that client. As the guy worked for a small bank which used tons of internal systems, he was saying that it was basically impossible to do due to archaic nature of their IT systems and so they were having to pull out of the EU market.
Thinking of MMO companies, I think all the big companies will be fine unless they are selling your data. What will be interesting is they have to tell us what they're using our data for and I think we could see some surprises. For example, if an MMO monitors your behaviour and then suggests cash shop items based on your behaviour, that is a type of automatic processing of personal data that is not essential for the delivery of the game, thus we are allowed to opt out of it.
That is where their cost of compliance might go up. Allowing us the ability to opt out of data processing that isn't necessary for the core product (playing the game) could be difficult.
Personally, I'm still very happy that the GDPR is coming into force next week. Ideally we needed these regulations 20 years ago when the internet first became popular, but better late than never! I had been debating for a while about deleting my Facebook account but am now waiting for the GDPR to come into effect before doing so, then I'll exercise my new right to be forgotten. I'll then be testing them over the following few months to see whether they start collecting my data without my permission (what they refer to as shadow profiles).
Only a select few in IT (of which I am not one) may even log into a prod system to troubleshoot and all test data must be masked or stimulated.
So compliance with the GDPR wasn't too hard with most changes being on the marketing side of the firm.
On the IT side data segregation has long been an issue and we are heavily regulated as to where data may be stored and who may access it.
I think the greatest challenge for game companies (and everyone really) is putting in secure systems to prevent unauthorized access as the penalties for breeches is going up.
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
That "right to be forgotten" applies to our marketing data, but not the financial, we keep that as long as legally required.
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
Cross Country lawsuits and stuff is pretty damn hard to deal with especially when another company scams you i've found that out before, but I've also been told by some that doing business online if you sell something on Ebay for example, or are a EU Customer and such the people who sell are forced to abide by European Law, even if they are not actually making the sale or located in European region.
Someone from the EU could purchase an account and under the GDPR the company would be required to follow its rules or face penalties.
The reality is atm there is no defined way for the EU to enforce those rules, which the GDPR leaves very much in a TBC state atm.
If you are a large firm with deep pockets and many EU customers I suspect the EU would be much more inclined to try and press the enforcement of the regulations.
Also, perhaps as in the US someone would have to file their own legal procedures in the EU to then get EU authorities to begin to take action as I assume resources to enforce will be limited.
Bottom line, a smaller firm or ebay seller may be able to ignore the GDPR as there really isn't much the EU authorities can do.
It may mean however, companies won't locate servers in the EU as that might be a physical presence.
Well, if the UK completes a hard Brexit then that would likely become the main home of EU servers, while Germany would likely be avoided.
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
Just wondering...
"I am my connectome" https://m.youtube.com/watch?v=HA7GwKXfJB0
Its just all of this takes time and money to pursue, and the focus would be on larger titles.
You know how many games Steam has listed right? Imagine having someone go through and validate if all are GDPR compliant.
Ugh, not a job I would relish.
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon