Code for Europe Users New GDPR

Hi All,

i need your help to check if the user from Europe or not to show him the consent window before starting the game
i think that we can do that by checking the IP address or country code i don't know actually
we need to do this for the GDPR Compliance

Thank you

 

I strongly suspect, based on the way everyone is implementing their consent, that this isn't allowed. I definitely need to sit down with the website and go through all the requirements because it's very likely a lot of people are not aware of them all.

The EU's section on who the law applies to suggests that this is accurate.

https://ec.europa.eu/info/law/law-t...ulation/who-does-data-protection-law-apply_en

That said it's a moot point because the data you need to check if they are in Europe would itself qualify as personal data and you would need their consent before you could check. I believe the only safe (and smart) path at this point is to let everyone consent.

https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en

 

Just apply it to everyone. It’s likely other countries will follow suit in some fashion over time. Asking for consent, showing tos, etc, isn’t a negative impact for those outside the uk.

 

Spoiler: Rant

It totally is a negative impact.

I hate that just about every site, app and game is making me jump through privacy hoops because some official I didn't vote for is passing a law. Its ridiculous that the EU and US dominate global law on this, despite representing only a fraction of data users. My laws and internet use should not be dictated from Washington or Brussels.

This is regulation without representation. Wars have been fought over this stuff.

Applying it to everyone is the sensible idea.

 

Spoiler: Contra

It's the social contract, brah!

Agreed.

 

I don’t see it as a big deal (as a player). It’s really just notifying the user up front what you are doing. For our game it’s just a popup when you launch the game that says our privacy policy / tos has been updated. They can click accept to play or go to the terms and get more info. They don’t see it again unless we need to update it in the future or install on a new device/computer. It should not be jumping through hoops, it should be nothing more than reading a line text and clicking a button. If it is more than that.. crappy developer. It only seems burdensome now because everyone has basically waited to the last minute to implement it (dev will be devs). Once the deadline is passed, it will largely be transparent as you should only see it with new games/sites you visit.

While I am not a member of the uk, I don’t mind being informed of what a game is doing with my data or when its tos is updated, in fact the opposite, I am glad to be notified. These things changed and updated before(or simply weren't done), just in the background, or buried deep in some un-related site. The result here is informing users, and minimizing crap/shady "ad networks". I am very much in favor of some of these leech S***-mongers being forced to operate in the light of day. "Ad networks / aggregators" should be... uh... nevermind, nothing I can say would be considered appropriate by the forum rules.

 

Being last minute on this one as an indie dev isn't a big deal. It's going to be a long time before you see enforcement on small companies. It's going to be a while before you see enforcement period. Plus nobody even knows what constitutes obeying the law at this point at the technical level in some areas, there were basically zero guidelines given. So anything beyond a simple best faith effort really makes no sense. Let the big companies and the UE sort it all out, then when the smoke clears take another look at it.

 

Would this qualify as enforcement?

https://www.theverge.com/2018/5/25/17393766/facebook-google-gdpr-lawsuit-max-schrems-europe

 

Filing test cases early like this is fairly common. The EU has basically said what it wants to see is businesses making good faith efforts to move towards compliance, which is in line with how laws like this are normally applied. So I see zero chance that they are going to be coming after little guys making a reasonable good faith effort anytime soon.

 

This page pretty much sums up my own opinion on how it will likely play out. It's a more reasoned logic then most of the hysteria you see in a lot of the media. Which is exactly what the EU wants, they want to create the image that they are serious. But actually coming down heavy on average to small sized companies for a law with this big of an impact and as vague as some parts of it are, and doing so early on. Not going to happen.

https://www.gorvins.com/news-media/blog/gdpr-grace-consistency-enforcement/

 

https://stackoverflow.com/questions/4327629/get-user-location-by-ip-address

Code (CSharp):

1. static public string GetCountry()
2. {
3.     return new WebClient().DownloadString("http://api.hostip.info/country.php");
4. }

and to use the idea in Unity3d

https://docs.unity3d.com/Manual/UnityWebRequest-RetrievingTextBinaryData.html

 

Like I mentioned earlier though IP addresses are personal data. You'd need their consent to make use of it.

https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en

 

Ok.Then how these companies do it when they just display a Consent dialog in the EU?

Checking for system language for an approximation?

 

You seem to be under the impression that they're only showing consent dialogs in the EU. I'm in the US and I'm seeing consent dialogs for just about every site I'm visiting now. They're not singling out any one country. They're making it available to everyone. It's both the smart and easiest way to approach the new law.

 

Certain iOS apps indeed just show the Dialogs in the EU. At least I checked it from Germany and others with the same app version in Australia & the US don't see the dialog. It makes sense to just show the confusing dialog in the EU

 

If the dialog is confusing to people it's because you designed and implemented it poorly. Below is an example of a dialog from Microsoft's Visual Studio Code. It's very clear that the application is collecting data, it points you towards the privacy statement, and it points you towards a page where you can opt out of it.



Clicking the link to opt out sends you to a brief tutorial on how to disable it.

https://code.visualstudio.com/docs/supporting/faq#_how-to-disable-telemetry-reporting

 

Well. If this dialog is a forced consent then it's illegal .)

 

Between the dialog and the privacy policy they're providing precisely the information required.

https://ec.europa.eu/info/law/law-t...-be-given-individuals-whose-data-collected_en

Microsoft has one of the most thorough privacy dashboards I have seen.

https://account.microsoft.com/privacy/

 

Ok thank you for clarifying a lot of points
now what should i do to collect the consents and how can i keep it in database or record i mean how can i do it technically is there is any SDK or link to follow

 

now what should i do to collect the consents and how can i keep it in database or record i mean how can i do it technically is there is any SDK or link to follow

 

Look at other popular games how they do it. If you are in the EU you will see the dialogs. The given consent store local in the app. Some apps have a "withdraw consent" in the options menu. Their 1ist dialog is like "Accept or don't use the app" - As I said check some apps on the Appstore

 

the game Im still playing just block all players from eu just check idle poring on playstore...
checking just based on player ip will not be good. how can they filter out eu citizen that lives in other country? Id rather ask directly if player is eu citizen or not before they play

 

You can just remove the game from Europe directly from Play Developer Console or iTunes Connect.

I updated a few games with the GDPR dialog, but the games that are old or are not giving me much money in Europe I just un-publish them from there because it's not worth the time to update them.