Search Unity

  1. Unity 2020.1 has been released.
    Dismiss Notice
  2. Good news ✨ We have more Unite Now videos available for you to watch on-demand! Come check them out and ask our experts any questions!
    Dismiss Notice

GDPR and CCPA region identification

Discussion in 'Unity Analytics' started by tessellation, Jul 10, 2020.

  1. tessellation

    tessellation

    Joined:
    Aug 11, 2015
    Posts:
    222
    The GDPR and CCPA data privacy laws affect citizens of the EU and residents of California. I live in Washington state and when I install and run popular games from big game companies, they don't prompt me for consent to opt-in to sharing my data. My assumption is that these companies are able to detect the region that a user has installed the app from and so they only prompt for consent when a user resides in the EU or CA.

    At the moment, I don't have a good way to detect this and Unity doesn't provide this information. Device language isn't an accurate measure of citizenship and wouldn't help at all with US state residency.

    I'm looking for advise on how to detect these users. Is it practical for Indie developers to do this? Are there SDKs or services that do this? What are you using for your games?

    Our current plan, in lieu of region detection, is to prompt for consent for all installs. I would love to hear from Unity about this: if there are plans to make this easier in the future.

    Thanks for the advise!
     
  2. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    7,608
  3. tessellation

    tessellation

    Joined:
    Aug 11, 2015
    Posts:
    222
    Thanks for the reply. I don't think that's legally possible for GDPR in the case where you want to collect game analytics. In this case I believe you'd need to set "Analytics.initializeOnStartup = false" and then prompt for consent. My understanding ("I'm not a lawyer" disclaimer) is that GDPR is opt-in, whereas CCPA is opt-out. Even with CCPA, the "Do Not Sell" button needs to be really obvious, not buried in a secondary-screen.

    I was previously putting the Data Privacy button within our Options UI, but we're also using an Ad Mediator now so we need to prompt for consent because it isn't necessarily UnityAds being shown the first time.
     
  4. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    7,608
  5. tessellation

    tessellation

    Joined:
    Aug 11, 2015
    Posts:
    222
    An engineering contact of mine suggested services like maxmind geoip. I don't know how "indie-friendly" their plans are in terms of pricing, but my biggest legal concern would be that the state-level detection by IP is only 80% accurate. This could work for GDPR, however, since country accuracy is 99.8%.
     
    JeffDUnity3D likes this.
  6. kumade

    kumade

    Joined:
    Nov 3, 2016
    Posts:
    28
    Hey did you find any good way for an indie studio to detect if user needs to be asked about his CCPA consent?
    Great game btw! Keep up the great work!
     
  7. tessellation

    tessellation

    Joined:
    Aug 11, 2015
    Posts:
    222
    Not at the state level, since the accuracy is only 80% (at least for maxmind geoip). Right now our game asks for consent in all countries, just to be kind and fair to all users. However, if you only want to prompt for players that fall under these laws and you want to ensure compliance with the laws, you'll probably want to ask for consent for all players in the USA and EU. Country accuracy is high (99.8%) and the prices for country lookup are far cheaper. I am not an authority on this, so this is just what I learned so far with my limited research and legal knowledge on the subject.

    Thanks, I'm glad you like Tiny Bubbles!
     
  8. kumade

    kumade

    Joined:
    Nov 3, 2016
    Posts:
    28
    Thank you for the tips! Ridiculous how the entire world of developers big and small should suffer now because Californians decided to be so special :)
     
unityunity