Search Unity

How do I make a complaint against a game maker?

Discussion in 'General Discussion' started by frankieworldonline, Jul 1, 2019.

  1. frankieworldonline

    frankieworldonline

    Joined:
    May 22, 2019
    Posts:
    4
    I found a file on my computer from 7 Days to Die that says the following -

    {"prefs":{},"analytics":{"enabled":true},"connect":{"limit_user_tracking":false,"player_opted_out":false,"enabled":true},"performance":{"enabled":true}}

    Found this in Analytics file in personal LocalLow folder 7 days to die config file

    I never opt-in and there is no function to allow you to opt out as per
    "Unity provides the tools to allow a player to opt out of the PII collection, and to manage the personal data that Unity collects about them, as required by the GDPR. Your responsibilities include adding an opt-out button to your app, and providing a link to Unity’s privacy policy from your own privacy policy."

    This is a breach of privacy and would like for unity to be aware.

    Cheers.
     
  2. frankieworldonline

    frankieworldonline

    Joined:
    May 22, 2019
    Posts:
    4
  3. Mauri

    Mauri

    Joined:
    Dec 9, 2010
    Posts:
    1,493
    Martin_H likes this.
  4. Owen-Reynolds

    Owen-Reynolds

    Joined:
    Feb 15, 2012
    Posts:
    694
    After a little reading, I still can't figure it out.

    Unity builds always collect, I think, anonymized data about crashes. There's also Unity Analytics (which is different than the first thing?) and Unity Adds. The page for Unity Analytics implies it's off unless you turn it on. But the page about the privacy plug-in says if you don't use Adds, you must give a button to turn off Unity Analytics personal data gathering. Is that just bad working - are they trying to say "the Add privacy settings also work for analytics, but if you only use analytics you can't use that, and will need to use the button specially for analytics"? Or are they implying that Unity Analytics is always on in some form, and Must actually means Must?
     
  5. Joe-Censored

    Joe-Censored

    Joined:
    Mar 26, 2013
    Posts:
    6,018
    When you agreed to the 7 Days To Die EULA, you agreed to this collection in section II.

    As far as the GDPR, it is dubious whether US common law would allow enforcement against a small American company, and the EU has yet to even try.
     
    GameDevCouple_I and Kiwasi like this.
  6. frankieworldonline

    frankieworldonline

    Joined:
    May 22, 2019
    Posts:
    4
    Compliance is compulsory for US business, GDPR will affect all companies, individuals, corporations, public authorities or other entities that offer goods or services to individuals in the EU or that monitor their behavior there. Nothing dubious about it.
     
  7. frankieworldonline

    frankieworldonline

    Joined:
    May 22, 2019
    Posts:
    4
  8. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    14,290
    Yes and no. Since the requirement to support the GDPR policies is dependent on having EU customers, it's not necessary to implement ways for people to delete their data if you simply eliminate support for EU customers and their data too.

    I wouldn't be surprised in the slightest either if we reached the point where some companies did just that.

    https://www.cmdsonline.com/blog/the-looking-glass/gdpr-us-websites/
     
    Last edited: Jul 2, 2019
    Kiwasi and Martin_H like this.
  9. Tiny-Tree

    Tiny-Tree

    Joined:
    Dec 26, 2012
    Posts:
    1,276
    i heard that performance tracking does not need GDPR compliance, this is not your personal data.
     
  10. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    14,290
    You can't track someone if you don't have a way to identify them, and it's the tool you use to identify someone that has to be removable from the system. Anonymous data on the other hand is completely allowed by the GDPR.

    https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en
     
  11. AcidArrow

    AcidArrow

    Joined:
    May 20, 2010
    Posts:
    5,759
    Keep in mind that the fault is probably Unity's here. By default all kinds of tracking are enabled by Unity, regardless of a game developer's wishes, and until recently you couldn't even turn them off even if you wanted to.
     
  12. Joe-Censored

    Joe-Censored

    Joined:
    Mar 26, 2013
    Posts:
    6,018
    That is what the EU regulators want you to believe, but the enforcement of it on US businesses has to go through existing US/EU treaties and comply with the US Constitution, law, and policies (SCOTUS rulling). As an example, the GDPR's "right to erasure" (Article 17) would violate the US Constitution's 1st Amendment in some cases, so wouldn't be enforceable.
     
    Last edited: Jul 2, 2019
  13. Ostwind

    Ostwind

    Joined:
    Mar 22, 2011
    Posts:
    2,768
    Local US laws don't matter much or at all if someone is consciously doing business with EU parties. In that case they must respect their laws or be subject to fines and sanctions. This is not GDPR specific.

    If the 7 days to die developers do not want to bother with GDPR then they must remove the game from sale in the affecting regions. If the author thinks there is a clear violation going on and the developers are not reacting then he should take it to the platform owner that he bought the game from, eg. Steam support and report privacy violation.
     
    Kiwasi likes this.
  14. Joe-Censored

    Joe-Censored

    Joined:
    Mar 26, 2013
    Posts:
    6,018
    That's not how judgments are enforced internationally. An EU court can issue as many fines as they want against an American company, but they aren't collecting a dime unless the American company has an actual presence in the EU's jurisdiction, or the EU gets the American courts to enforce the judgement. American courts are actually barred by US law from enforcing foreign judgments in certain circumstances (see SPEECH Act as an example), and are regardless unlikely to side with a foreign court judgement if the enforcement is for protected behavior within the United States.

    For example, if I'm selling a game to the EU and an EU individual posts a review of said game on my web site with their real name (personal information subject to GDPR) and somehow in that review they make themselves look bad. They later decide they want either the review taken down or their name removed, and use the GDPR's article 17 to force me to do so. Now most likely I would just to be nice and do so, but me keeping that review up with their name attached is protected 1st Amendment speech in the US. The EU can fine me all they want, but an American court isn't going to enforce the judgement against protected 1A speech, and without bank accounts in the EU there is no other way than the American courts to collect.
     
  15. Ostwind

    Ostwind

    Joined:
    Mar 22, 2011
    Posts:
    2,768
    That's not going to work in the long run. If you use an kind of sales platform they will eventually kick you out or restrict your sales towards EU, eg. Apple does this pretty quickly for privacy violations. If you will act as a direct seller then you will get most likely be flagged as dirty participant by SEPA and other payment processors, eg. PayPal is rather trigger happy to block accounts when being contacted by authorities. There is a lot they can do even if you could never be fined/sued directly.
     
    Last edited: Jul 2, 2019
  16. Kiwasi

    Kiwasi

    Joined:
    Dec 5, 2013
    Posts:
    16,440
    The first amendment is just as useless and unenforceable in the EU.

    If you are selling in the EU, EU laws apply. If an EU court fines you, you’ll have to pay up and comply, or stop selling in the EU entirely.

    Sure, it will be rough for them to chase fines across international borders. But it will be very easy to block the sale of your game in EU.
     
  17. xVergilx

    xVergilx

    Joined:
    Dec 22, 2014
    Posts:
    1,875
    I don't think anonymous data is affected by GDPR.

    (I'm not a lawyer though)
     
  18. GameDevCouple_I

    GameDevCouple_I

    Joined:
    Oct 5, 2013
    Posts:
    1,757
    Then contact unity directly instead of posting on the forums. This isnt really the place for contacting unity support, while they do frequent the forums they are not going to necessarily see this thread. Emailing is your best bet.
     
    Socrates likes this.