How do I make a complaint against a game maker?

I found a file on my computer from 7 Days to Die that says the following -

{"prefs":{},"analytics":{"enabled":true},"connect":{"limit_user_tracking":false,"player_opted_out":false,"enabled":true},"performance":{"enabled":true}}

Found this in Analytics file in personal LocalLow folder 7 days to die config file

I never opt-in and there is no function to allow you to opt out as per
"Unity provides the tools to allow a player to opt out of the PII collection, and to manage the personal data that Unity collects about them, as required by the GDPR. Your responsibilities include adding an opt-out button to your app, and providing a link to Unity’s privacy policy from your own privacy policy."

This is a breach of privacy and would like for unity to be aware.

Cheers.

 

As per https://docs.unity3d.com/Manual/UnityAnalyticsDataPrivacy.html

 

Contact the developers of the game - either via their forum or via the Steam Community.

Unity released a Unity Data Privacy Plug-in to the Asset Store last year. Perhaps they didn't know about this yet?

 

After a little reading, I still can't figure it out.

Unity builds always collect, I think, anonymized data about crashes. There's also Unity Analytics (which is different than the first thing?) and Unity Adds. The page for Unity Analytics implies it's off unless you turn it on. But the page about the privacy plug-in says if you don't use Adds, you must give a button to turn off Unity Analytics personal data gathering. Is that just bad working - are they trying to say "the Add privacy settings also work for analytics, but if you only use analytics you can't use that, and will need to use the button specially for analytics"? Or are they implying that Unity Analytics is always on in some form, and Must actually means Must?

 

When you agreed to the 7 Days To Die EULA, you agreed to this collection in section II.

As far as the GDPR, it is dubious whether US common law would allow enforcement against a small American company, and the EU has yet to even try.

 

Compliance is compulsory for US business, GDPR will affect all companies, individuals, corporations, public authorities or other entities that offer goods or services to individuals in the EU or that monitor their behavior there. Nothing dubious about it.

 

Thanks mate, trying that now.

 

Yes and no. Since the requirement to support the GDPR policies is dependent on having EU customers, it's not necessary to implement ways for people to delete their data if you simply eliminate support for EU customers and their data too.

I wouldn't be surprised in the slightest either if we reached the point where some companies did just that.

https://www.cmdsonline.com/blog/the-looking-glass/gdpr-us-websites/

 

i heard that performance tracking does not need GDPR compliance, this is not your personal data.

 

You can't track someone if you don't have a way to identify them, and it's the tool you use to identify someone that has to be removable from the system. Anonymous data on the other hand is completely allowed by the GDPR.

https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en

 

Keep in mind that the fault is probably Unity's here. By default all kinds of tracking are enabled by Unity, regardless of a game developer's wishes, and until recently you couldn't even turn them off even if you wanted to.

 

That is what the EU regulators want you to believe, but the enforcement of it on US businesses has to go through existing US/EU treaties and comply with the US Constitution, law, and policies (SCOTUS rulling). As an example, the GDPR's "right to erasure" (Article 17) would violate the US Constitution's 1st Amendment in some cases, so wouldn't be enforceable.

 

Local US laws don't matter much or at all if someone is consciously doing business with EU parties. In that case they must respect their laws or be subject to fines and sanctions. This is not GDPR specific.

If the 7 days to die developers do not want to bother with GDPR then they must remove the game from sale in the affecting regions. If the author thinks there is a clear violation going on and the developers are not reacting then he should take it to the platform owner that he bought the game from, eg. Steam support and report privacy violation.

 

That's not how judgments are enforced internationally. An EU court can issue as many fines as they want against an American company, but they aren't collecting a dime unless the American company has an actual presence in the EU's jurisdiction, or the EU gets the American courts to enforce the judgement. American courts are actually barred by US law from enforcing foreign judgments in certain circumstances (see SPEECH Act as an example), and are regardless unlikely to side with a foreign court judgement if the enforcement is for protected behavior within the United States.

For example, if I'm selling a game to the EU and an EU individual posts a review of said game on my web site with their real name (personal information subject to GDPR) and somehow in that review they make themselves look bad. They later decide they want either the review taken down or their name removed, and use the GDPR's article 17 to force me to do so. Now most likely I would just to be nice and do so, but me keeping that review up with their name attached is protected 1st Amendment speech in the US. The EU can fine me all they want, but an American court isn't going to enforce the judgement against protected 1A speech, and without bank accounts in the EU there is no other way than the American courts to collect.

 

That's not going to work in the long run. If you use an kind of sales platform they will eventually kick you out or restrict your sales towards EU, eg. Apple does this pretty quickly for privacy violations. If you will act as a direct seller then you will get most likely be flagged as dirty participant by SEPA and other payment processors, eg. PayPal is rather trigger happy to block accounts when being contacted by authorities. There is a lot they can do even if you could never be fined/sued directly.

 

The first amendment is just as useless and unenforceable in the EU.

If you are selling in the EU, EU laws apply. If an EU court fines you, you’ll have to pay up and comply, or stop selling in the EU entirely.

Sure, it will be rough for them to chase fines across international borders. But it will be very easy to block the sale of your game in EU.

 

I don't think anonymous data is affected by GDPR.

(I'm not a lawyer though)

 

Then contact unity directly instead of posting on the forums. This isnt really the place for contacting unity support, while they do frequent the forums they are not going to necessarily see this thread. Emailing is your best bet.