Search Unity

  1. Get all the Unite Berlin 2018 news on the blog.
    Dismiss Notice
  2. Unity 2018.2 has arrived! Read about it here.
    Dismiss Notice
  3. We're looking for your feedback on the platforms you use and how you use them. Let us know!
    Dismiss Notice
  4. The Unity Pro & Visual Studio Professional Bundle gives you the tools you need to develop faster & collaborate more efficiently. Learn more.
    Dismiss Notice
  5. Improve your Unity skills with a certified instructor in a private, interactive classroom. Learn more.
    Dismiss Notice
  6. ARCore is out of developer preview! Read about it here.
    Dismiss Notice
  7. Magic Leap’s Lumin SDK Technical Preview for Unity lets you get started creating content for Magic Leap One™. Find more information on our blog!
    Dismiss Notice
  8. Want to see the most recent patch releases? Take a peek at the patch release page.
    Dismiss Notice

GDPR - What to do when EU citizen wants their personal data removed?

Discussion in 'General Discussion' started by sandbaydev, May 17, 2018.

  1. sandbaydev

    sandbaydev

    Joined:
    Aug 9, 2013
    Posts:
    63
    I started asking about GDPR in December last year and it seems to be very very difficult to get answers to questions in understandable manner. It feels like when you ask about color of grass you get answers about the length of the trees. Maybe this is way too complex issue. Maybe I'm a really poor at asking questions :D

    For this reason I try ask only ONE question in this thread. Maybe I get an answer.

    (For other questions, please see thread by @wwcolter at https://forum.unity.com/threads/unity-analytics-and-gdpr.513112/ )

    Assuming the following is true:
    Unity is collecting personally identifiable user information (e.g. IP address, advertising identifier etc) via because my game uses Unity IAP.

    Examples of personal data:
    https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en

    Here is my question:

    "EU citizen emails me and wishes to use their "right to be forgotten" - what exactly should I (the developer) do?"

    I expect Unity's answer to be something along lines "you go to web interface and delete analytics records of that person by clicking button next to IP filter..." or "please forward the requester's message to Joe at [email address here] and Joe gets back to you in 3 business days."

    I would really hope to get answer from somebody who understands English and can write back in English. And that person should hopefully answer to the question above and not something like "we are gpdr compliant" nor "here's link to our gdpr faq" nor "our legal team is working on this" nor "we will provide plugin where you can opt-out data collection".

    Thank you.
     
    zworp and chribbe like this.
  2. zombiegorilla

    zombiegorilla

    Moderator

    Joined:
    May 8, 2012
    Posts:
    7,141
    Ryiah likes this.
  3. sandbaydev

    sandbaydev

    Joined:
    Aug 9, 2013
    Posts:
    63
  4. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    11,850
    Have to agree with @zombiegorilla that the FAQ answers the question. Basically it's all handled through APIs.
    Unity Analytics.
    Unity Ads.
     
    Last edited: May 17, 2018
  5. chribbe

    chribbe

    Joined:
    Dec 14, 2016
    Posts:
    6
    @Ryiah @zombiegorilla

    How does that answer the question posted? If a user emails a developer on may 25th asking for complete erasure of all data that has been collected in the app. What would you as a developer (and responsible in this case) answer?
    Maybe -

    "Thanks for your email. There is a plugin I can not integrate because it doesn't exist that gives you the ability to opt out"

    or maybe, if you're using unity ads

    "Thanks for your email! Just keep playing the game and let it collect some more of your data - and then when you see an ad please quickly press the info button and then choose to opt out. "


     
    CloudWeight likes this.
  6. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    11,850
    With the information currently provided, I would respond saying to open the game in question, navigate to where the privacy settings are exposed to the user (eg Options -> Privacy), and click "Remove personal data from server".

    I recommend you start prototyping the menus for privacy now ahead of the release of the APIs.

    As mentioned there will be an API provided prior to that date. If you feel like they can't provide an API fast enough what makes you think they can provide a webpage just as quickly? They definitely won't be able to handle a manual process.

    It's clearly stated that opting out will result in the system no longer using their information to select targeted ads. What isn't clearly stated is what exactly this will mean but I'd hope that it would mean the data is cleared off their servers.
     
    Last edited: May 17, 2018
    chribbe, Kiwasi and zombiegorilla like this.
  7. zombiegorilla

    zombiegorilla

    Moderator

    Joined:
    May 8, 2012
    Posts:
    7,141
    This. That essentially what we have done already, we have added a blocking popup that shows on launch that notifies the player that the TOS has changed and the need to accept to continue playing. We can trigger it at anytime for all users, (so it can be useful for future if needed). We’ll trigger it when the changes go live. For ads and such (we don’t use unity’s ads). We’ve just added an opt out option in the settings. So if a user were to email us out of the blue like that we just direct them to launch the game and opt out.
     
    Kiwasi and Ryiah like this.
  8. Martin_H

    Martin_H

    Joined:
    Jul 11, 2015
    Posts:
    3,602
    For a moment there I thought you were gonna suggest to implement a function that just pretends to delete the data, waits a bit, and then tells them the data was deleted ^_^.
     
    Joe-Censored likes this.
  9. sandbaydev

    sandbaydev

    Joined:
    Aug 9, 2013
    Posts:
    63
    As @Chrippe mentioned the "deletion" part was not stated clearly enough in the FAQ.

    I got response from the Unity GDPR team. (emphasis mine)

    "What does the developer do for right of erasure requests? The short answer is nothing. Unity will soon release an updated plugin for Analytics and an updated SDK for Unity Ads. Within these, the user will have the option to opt-out, or delete, their personal information. This request will go directly to us. So, as long as you implement the latest updates, no other action will be needed when a request comes in. Look for the updates late this week or early next week."

    This answers to my question.
     
  10. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    11,850
    Thanks for the clarification. It seems I completely misunderstood the question being asked.
     
  11. zombiegorilla

    zombiegorilla

    Moderator

    Joined:
    May 8, 2012
    Posts:
    7,141
    It also sounds like in the latest information they provided that it won’t be a separate plugin that will have to be installed, it will be directly integrated into the ads/analytics sdk. Which will be nice for the developer, just update and you are good to go.
     
    Ryiah likes this.
  12. MoribitoMT

    MoribitoMT

    Joined:
    Jun 1, 2013
    Posts:
    193
    How about apps uses only InAppPurchases, which auto enables Unity Analytics ? How do we get consent for using IAPs ?
     
  13. zombiegorilla

    zombiegorilla

    Moderator

    Joined:
    May 8, 2012
    Posts:
    7,141
    Basically you put up confirmation dialog when the game launches, that has a link to the TOS/Privacy Policy that explains what you are tracking, and that to play, they have to click a button saying they Accept the terms.
     
  14. MoribitoMT

    MoribitoMT

    Joined:
    Jun 1, 2013
    Posts:
    193
    What if user wants no data collection ? Like non-personalised ads? So we cannot use IAP anymore?
     
  15. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    11,850
    Unity's already explained how advertisements will be handled. You can see the relevant section in my first post in this thread or check the link below, but basically there will be an option to disable personalized ads on the ad itself.

    https://unity3d.com/legal/gdpr
     
  16. MoribitoMT

    MoribitoMT

    Joined:
    Jun 1, 2013
    Posts:
    193
    I am asking for InAppPurchases only, without ads. IAP aldo uses analytics, does IAP have its own dialog ?
     
  17. zombiegorilla

    zombiegorilla

    Moderator

    Joined:
    May 8, 2012
    Posts:
    7,141
    Users will be able to opt out of analytics. Make sure you have updated and use current sdk/plugin when it is released.