Video game giant Ubisoft – the company behind Assassin’s Creed, Far Cry, Prince of Persia – has been accused of breaching GDPR by forcing customers to go online every time they launch a single player game, allowing the firm to collect gaming behaviourial data without consent.
Even though most games can be played without ever interacting with other players, Ubisoft forces players to connect to the Internet and log in to a Ubisoft account before they can actually play a purchased game.
The issue has triggered a GDPR complaint by the Max Schrems backed organisation NOYB, which has been logged at the Austrian data protection authority, DSB.
The organisation is urging the authority to investigate Ubisoft under Article 6(1) GDPR, claiming the company is processing of personal data without a valid legal basis.
In addition, it is calling on Ubisoft to delete all personal information that has been processed without a valid legal basis – and that the company ceases further unlawful processing.
NOYB data protection lawyer Joakim Söderberg said: “Imagine if the Monopoly man sat at your table and took notes every time you want to play a board game with your family or friends. Well, that’s the reality of video games.
“Often, it doesn’t even matter if the games are played online or offline. As long as you have an open Internet connection when you play, your data is collected and analysed.”
Related stories
Meta’s mega AI data grab sparks mass GDPR complaint
Germans back fight against ChatGPT data inaccuracies
Industry in peril as Schrems declares war on ChatGPT
Brussels blows ‘pay or consent’ models out of the water
Meta hit by double whammy over ‘illegal’ data practices
Meta ad-free service faces data protection showdown
