Search Unity

  1. Unity 2019.2 is now released.
    Dismiss Notice

GDPR and GameTune

Discussion in 'GameTune' started by Egil-Sandfeld, Oct 4, 2019.

  1. Egil-Sandfeld

    Egil-Sandfeld

    Joined:
    Oct 8, 2012
    Posts:
    50
    In the GT documentation you state:

    1. Why do we need to contact you? Could there be a guide for this publicly instead?
    2. Is it sufficient to link to own Privacy Policy in the app, at the moment of consent, which has a link to the Unity PP?
    3. Reading up on the Unity Analytics Privacy Policy and GDPR, it seems the current Unity Analytics structure is to opt-out, while GDPR afaik is based on that explicit consent must be given. There's a difference here, and I'm not sure what to follow. Do I present a GDPR consent dialog at the start of the app like this plugin which then sets the options.SetGdprConsent(consent)? Or should I try to fetch the existing UnityEngine.Analytics.Analytics.playerOptedOut and use this for the consent?
    4. Can you elaborate on what ML features are restricted, should the user NOT give consent? Does the ML system work at all without GDPR consent?

    I'm really eager to properly implement GT, so I hope we can sort these things out :)
     
    M_R likes this.
  2. jennyhissa

    jennyhissa

    Unity Technologies

    Joined:
    Aug 1, 2019
    Posts:
    5
    Hi Egil-Sandfeld! Apologies for keeping you waiting – let me answer your questions:

    1. You are right and we are currently working on putting together better guidelines on how to work with GDPR. We suggest using Unity consent found in Unity Ads SDK, where users have the option to opt-in or opt-out of personally identifiable information collection. Unity Ads SDK provides a built-in GDPR compliant solution for handling end-user consent to GameTune. For more information about GDPR and the Unity Ads SDK, see Unity Ads Knowledge Base: GDPR Compliance. However, if you collect personally identifiable information data on your own, you are responsible for protecting and managing that data. If you wish to implement a custom consent or use a different legal theory, you will need to work with your attorney to determine GDPR compliance.

    2. To remain transparent for your users, you should notify them about personalized gameplay. The best practice is to list Unity as a third-party which collects data in your Privacy Policy, and include a link to Unity's Privacy Policy within your Privacy Policy.

    3. While we think that personalized ads and experiences require opt-in consent, GDPR allows for different legal theories that can be used for different services. In regards to Unity Analytics specifically, Unity has a legitimate interest (legal theory) in collecting analytics data for better crash reporting and fraud protection to better serve our users and that’s why the Privacy Plug-in for Analytics is opt-out.
      Unity Analytics and the Privacy Plug-in aren’t applicable to GameTune. Additionally, see the response re. Unity Consent and GameTune above.

    4. For users who have opted-out from data collection will have their data deleted and the answer they receive from GameTune will always be the control alternative.
      It does work without GDPR consent, but if you haven’t asked for the user’s consent, you should not call SetGdprConsent at all. GameTune will behave as if users in GDPR restricted countries had opted-out and users elsewhere opted-in.
     
    Egil-Sandfeld likes this.