An Austrian data protection agency has filed complaints against Ubisoft, alleging that the gaming titan behind franchises like Assassin’s Creed and Far Cry is silently collecting data when you play single-player games, while having ‘no valid legal basis’ to do so.
The agency, known as ‘Noyb’, is leaning on GDPR to tackle what it claims is unlawful data collection. If the complaint is a success and enforcement action is taken by the Austrian Data Protection Authority, it could lead to a €92 million fine for Ubisoft.
‘Ubisoft is Still Watching You!’
The headline of an article published recently by Noyb says it all:
Like to play alone? Ubisoft is still watching you!
Noyb has lodged a complaint against Ubisoft on the grounds that it’s forcing users to connect to the internet to play single-player games, which in turn allows Ubisoft to collect unnecessary data. Per the recent post from Noyb:
The company forces its customers to connect to the internet every time they launch a single player game. This is the case even if the game doesn’t have any online features. This allows Ubisoft to collect people’s gaming behaviour. Among other things, the company collects data about when you start a game, for how long you play it and when you close it.
Even after the complainant explicitly asked why he is forced to be online, Ubisoft failed to disclose why this is going on. Under Article 6(1) GDPR, there seems to be no valid legal basis to randomly collect such user data.
The full report can be read here.
The accusation is that users aren’t consenting to the processing of their data, as ‘the processing operation is only legal if it is necessary’.
One of Noyb’s lawyers explained:
Video games are expensive – but that doesn’t stop companies like Ubisoft from forcing their customers to play offline games online unnecessarily, just so they can make more money by tracking their behaviour. Ubisoft’s actions are clearly unlawful and must be stopped.
(Thanks to CyberInsider for the spot)
The team estimated that Ubisoft could face a fine of up to €92 million ($104 million) if the Austrian DSB imposes punitive action on the French firm. The complaint has also requested that Ubisoft ‘deletes all personal information that has been processed without a valid legal basis’.
It’s ambitious, for sure.
I’ve reached out to Ubisoft to see if they’ll comment on this story and will update you if they get back to me.
For more Insider Gaming coverage, check out the news that Reburn’s new game has been delayed on release day
Grant has been gaming for 30+ years and in the industry for 10+. You'll probably find him playing a post-apocalyptic game or an extraction shooter somewhere.
More from Grant Taylor-Hill
Sell off Splinter Cell, Prince Of Persia, Beyond Good & Evil, and Rayman to Microsoft.
So, in short, as it’s common in this cases, the user doesn’t get any form of recompense…A company gets sued for millions, by another who wants to “protect user rights”, but the user is left in the one. Just a bunch of people making a lot of money on the backs of others. And in the end, the company sued doesn’t even change their ways. What the hell are these lawsuits for, then?