Search Unity

Unity Unity Analytics Data Privacy Plug-in Available Now in the Asset Store

Discussion in 'Unity Analytics' started by ap-unity, May 21, 2018.

  1. tarahugger

    tarahugger

    Joined:
    Jul 18, 2014
    Posts:
    106
    This site has some of the clearest explanations I've been able to find. I am not a lawyer and not qualified to give legal advice. But essentially, you need to choose a legal basis for data collection and then clearly explain and be able to justify that position.

    Everyone right now is trying to avoid falling under the consent category by claiming 'Legitimate Interest', but we'll see soon how well that works out. The ability to opt-out in some ways may go against your claim that its required as part of providing the service. Because to use legitimate interest you're saying there is no reasonable other way to accomplish your goals, and that those goals are in the interest of your customer.

    Context matters, for example in advertising data collection it makes sense because you could say tracking a user's interests can provide them with a better experience - showing more relevant ads. A user can opt-out of this personalization aspect, but other aspects are still collecting personal data under legitimate interest - for example a device-id so you can limit/track how many ads have been shown.

    Another interesting example i read, was of a pizza company, do they have a legitimate interest claim to store/process your name, address, phone, location etc? absolutely, they're not going to require your opt-in consent because its required to do what you want them to do - deliver a pizza. But, that doesn't mean that they can keep that information, store it, pass it around the world, sell it to people, or use it for pretty much any other purpose. The basis only applies to the specific event of ordering that pizza.
     
    technicat, angrypenguin and spacepluk like this.
  2. spacepluk

    spacepluk

    Joined:
    Aug 26, 2015
    Posts:
    179
    I don't think such clause would suffice. There's been some discussion about it on webdev circles and it's the reason all the "cookie" popups just got super annoying:

     
  3. Martin_H

    Martin_H

    Joined:
    Jul 11, 2015
    Posts:
    3,876
    So if I'm a freelance artist, the data I store is contact info and addresses that I have from my existing clientbase (people who in the past spent money for -, or inquired about my services) - much of which is publicly available on their websites anyway - and I'm not able to conduct my business without that info (need the mail addresses for communication and delivery, and the postal addresses for invoicing), does that constitute a "legitimate interest" and I'm ok as long as I don't share that data with third parties?
    What about data storage requirements? Do I need to lock away my folder of printed invoices that I've written?

    Quick google turned this up:
    http://it-ebs.co.uk/news/gdpr-paper-records-part-1/

    (emphasis mine)

    So if I hand my invoices over to my tax accountant, I'm supposed to make a log entry about it? This is unbelievably retarded imho.
     
    angrypenguin likes this.
  4. angrypenguin

    angrypenguin

    Joined:
    Dec 29, 2011
    Posts:
    12,055
    Nice!
     
  5. angrypenguin

    angrypenguin

    Joined:
    Dec 29, 2011
    Posts:
    12,055
    This bit could also be pretty painful to some, such as businesses which don't have a second person yet.

    So they're assuming that we necessarily intend to digitise everything? If someone sends me a physical copy of their CV I see no reason to digitise it. If I want a physically signed document then presumably there's a reason I wanted a physical signature in the first place. And even when I do digitise things that doesn't magically make the physical copy disappear.
     
    Martin_H likes this.
  6. sandbaydev

    sandbaydev

    Joined:
    Aug 9, 2013
    Posts:
    68
    This.
     
    theolagendijk likes this.
  7. coshea

    coshea

    Joined:
    Dec 20, 2012
    Posts:
    253
    Oh I didn't realise this, I thought that by ticking opt-out in the web view, it disabled all analytics? You are saying that if they opt-out, analytics and performance reporting still works, just the personal data is removed?

    On the plugin api page it says:

    "This button opens a player’s personal data privacy page where they can opt-out of Unity’s data collection and view the data that Unity has collected in the past."

    On the asset plugin page it says "Unity provides tools a player can use to opt-out of the collection and to manage the personal data collected by Unity as required by the GDPR. "
    (emphasis mine)

    - so yes personal data only?

    @ap-unity Can you confirm?

    In the plugin, if you tick the option to opt out in the web view, does it set Analytics.enabled = false ?

    (not tried it yet as don't want to disable analytics for my game on my device)

    Thanks
     
    sandbaydev likes this.
  8. sandbaydev

    sandbaydev

    Joined:
    Aug 9, 2013
    Posts:
    68
    Would be amazing to be able to control what data my games send to Unity.
    Would be amazing to be able to tell WHAT is being collected, and HOW LONG that data remains and ANONYMIZE it as needed.

    Via clear code.
    Or via clear web interface.
    Not via "here's nasty looking popup" or adjusting settings of code/editor/web/million other places.

    Code such as:

    // by default, collecting data would be disabled
    * Analytics.EnableCollectingHardwareStatistics();
    * Analytics.EnableCollectingAdvertisingIds();
    * Analytics.EnableCollectingIP();
    * Analytics.EnableCollectingEverything();

    I want:
    * Use IAP
    * Use custom event

    That's all.
     
    wwcolter and rhamm like this.
  9. ap-unity

    ap-unity

    Unity Technologies

    Joined:
    Aug 3, 2016
    Posts:
    1,277
    Our privacy policy outlines the data that may be collected from Unity games, which includes games with or without Unity services enabled.
    https://unity3d.com/legal/privacy-policy

    When an app is designated as COPPA, we can distinguish these apps on our server, so we can modify how we use the data, if need be.

    The Data Privacy plug-in will work for this case as well.

    When a user selects the opt-out option, two things will happen.

    1. The backend stuff I detailed in another post:
    2. The app will set limitUserTracking = true, if that is available in the version of Unity in which the app was built.

    limitUserTracking was introduced in Unity 5.6. This should set the deviceid to "Unknown" in most of the requests. In 2018.1, it should set the deviceid to "Unknown" for all requests. Older versions of Unity will continue to send the deviceid in events. That is why the server-side opt-out preference is necessary.
     
  10. technicat

    technicat

    Joined:
    Nov 22, 2006
    Posts:
    1,278
    This seems to be a roundabout way of saying everyone using the Personal edition, whether or not they're using any Services, needs to implement the plugin (and Plus/Pro users need to turn off HW Statistics if they don't want to use the plugin).
     
    JamesArndt likes this.
  11. Martin_H

    Martin_H

    Joined:
    Jul 11, 2015
    Posts:
    3,876
    I might not be fully understanding yet - so you're saying the hardware data will be collected on first-launch in games made with Unity Personal edition no matter what and personal data is transmitted, and the plugin opens a path for the user to remove or anonymize the data on your server and deactivate tracking for the future? To me that sounds like a clear violation of the GDPR because it transmits the data without consent first. So if the player has optained the game through a channel where they did not accept a EULA informing them about this, and the devs have no way of forcing a EULA onto them through the distribution channel that they have to accept before playing, then they automatically are in violation of the GDPR because the game transmits personal data without active user-consent, right?

    Is it possible for devs using the personal edition to set this tag manually from code to prevent sending that personal data on launch?

    Can we set that as a tag on our side from the Editor to get around the data transmition issues? How does that work?
     
  12. ap-unity

    ap-unity

    Unity Technologies

    Joined:
    Aug 3, 2016
    Posts:
    1,277
    The GDPR FAQ addresses this question:
    https://unity3d.com/legal/gdpr#section-information-for-developers-publishers-and-other-partners
     
    Martin_H likes this.
  13. Martin_H

    Martin_H

    Joined:
    Jul 11, 2015
    Posts:
    3,876
  14. technicat

    technicat

    Joined:
    Nov 22, 2006
    Posts:
    1,278
    I just tried out the plugin and took a look at the popup opt-out page. As a user, from the text it’s not clear to me if I’m opting out for this game, this game on this device, all unity games, all unity games on this device...
     
    tarahugger likes this.
  15. ap-unity

    ap-unity

    Unity Technologies

    Joined:
    Aug 3, 2016
    Posts:
    1,277
    Thanks for the feedback. I will let the team know this copy could be more clear.

    To answer the question, it will opt-out that device from that game.
     
    technicat likes this.
  16. technicat

    technicat

    Joined:
    Nov 22, 2006
    Posts:
    1,278
    If anyone's interested, this is a screenshot of the opt-out page on my Galaxy 8, showing the the user data after it has been requested and returned (interesting stats, though looks more space is needed to display for the osVer field). The terms/privacy button at lower right links to Google's terms.
     

    Attached Files:

    wwcolter likes this.
  17. Leonid

    Leonid

    Joined:
    Aug 20, 2013
    Posts:
    35
    @ap-unity Hello!
    Is it possible to translate opt-out page to some of the major European languages?
     
  18. ZzappSizzler

    ZzappSizzler

    Joined:
    Jan 15, 2017
    Posts:
    33
    I've put the plugin into the game and now get this error:

    Error CS0433 The type 'DataPrivacyButton' exists in both 'Assembly-CSharp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' and 'Unity.Analytics.DataPrivacy, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' BBCloudforge.Editor C:\Users\Admin\Desktop\BBCloudforge\Assets\DataPrivacy\Editor\CreateDataPrivacyButtonMenuItem.cs 44 Active

    What do I do to fix it?

    Thank you.
     
  19. bart_the_13th

    bart_the_13th

    Joined:
    Jan 16, 2012
    Posts:
    440
    If only the opt-out page is rendered in a webview instead of opening browser (or is it just me? I'm using 5.6.5), maybe we can trigger the button manually by code to force it to be shown when the app/game start... Will that be a good practice?
    But I assume there's more happening in background before it can be shown...
     
  20. ap-unity

    ap-unity

    Unity Technologies

    Joined:
    Aug 3, 2016
    Posts:
    1,277
    That's a very good idea. I have passed it along to the team.

    Would you be able to open a support ticket so we can investigate this further:
    https://analytics.cloud.unity3d.com/support/

    The plugin does provide an API to retrieve the URL. (That URL does expire though, so it's a good idea to fetch it just before opening the page.)

    https://docs.unity3d.com/Manual/UnityAnalyticsDataPrivacy.html

    You could then use that URL to generate a webview in your app, so the page doesn't open in an external browser.
     
    bart_the_13th likes this.
  21. coshea

    coshea

    Joined:
    Dec 20, 2012
    Posts:
    253
    Heres my top feature request, let us opt out players by default. Its only the ip/device id anyway, still uses analytics.

    I'm wondering, we can get the URL as mentioned above, is there a way to call the online form script in the same way that would let us opt players out by default?
     
    sandbaydev likes this.
  22. technicat

    technicat

    Joined:
    Nov 22, 2006
    Posts:
    1,278
    Just a suggestion, considering the privacy plugin applies to other Unity Services, this thread should be its own forum topic under Services.
     
  23. bart_the_13th

    bart_the_13th

    Joined:
    Jan 16, 2012
    Posts:
    440
    afaik, the opt out option cant be undone, so once you set player opt out they can't opt-in back
     
  24. woodenboxlwp

    woodenboxlwp

    Joined:
    Jul 29, 2015
    Posts:
    1
    Can I use the plugin for unity 4.6.9f1 ?
     
  25. coshea

    coshea

    Joined:
    Dec 20, 2012
    Posts:
    253
    I personally would rather not collect any personal data (ip/device id) anyway, so would be happy with this.
     
    sandbaydev and technicat like this.
  26. Swah

    Swah

    Joined:
    May 13, 2015
    Posts:
    25
    On my end the big questions is still this: can we keep using some services (like IAP, analytics and Performance Reporting) and disable collection of personal data such as IP addresses, in code, without asking users? We can integrate the privacy plugin, but we need to know if it's possible.

    Were you able to get any clarity on this @ap-unity?
     
    Last edited: Jun 8, 2018
    sandbaydev likes this.
  27. technicat

    technicat

    Joined:
    Nov 22, 2006
    Posts:
    1,278
    If you’re asking whether you need to use the plugin with other services even when analytics is disabled, the first post in this thread says you must use the plugin if you use Unity services “such as” analytics, IAP, multiplayer, and performance reporting, which I interpret to mean any or all, so if you’re using any of those services, you might as well keep analytics running.

    I agree it’s not clear: for one thing, “such as” leaves open there are other services to worry about (although I doubt that we have to worry about collab and cloud build), and as far as I can tell the plugin has only been advertised to analytics users (in this thread and not the other services threads, and it’s called the Unity Analytics Data Privacy Plugin)

    Edit: actually it’s just called the Data Privacy Plugin and the asset store description, while leading off with just Unity Analytics, does mention the same requirement for the other services at the bottom.
     
    Last edited: Jun 7, 2018
  28. Swah

    Swah

    Joined:
    May 13, 2015
    Posts:
    25
    @technicat my question is more focused on our ability as developers to turn off collection of personal data, while still using some services such as IAP, without involving users. I edited it to clarify.
     
    technicat likes this.
  29. technicat

    technicat

    Joined:
    Nov 22, 2006
    Posts:
    1,278
    Or even just a checkbox in Player Settings like the one used to turn off HW Statistics would be nice.
     
    sandbaydev likes this.
  30. homenetgames-jacek

    homenetgames-jacek

    Joined:
    Jun 8, 2015
    Posts:
    8
    It seems that FetchPrivacyUrl doesn't work now. It was working before, maybe temporary server problem?
    It prints "Requesting data privacy URL from https://data-optout-service.uca.cloud.unity3d.com/token" on console but neither success or failure callbacks are called. I tried on different devices, connection to Internet is ok.
    I didn't previously selected opt-out option.
    Plugin initializes successfully and shows following logs at start:

    Loading data opt-out preferences from PlayerPrefs
    Requesting data opt-out preferences from https://data-optout-service.uca.cloud.unity3d.com/player/opt_out?appid=[some uid]&userid=[some uid]
    Opt-out preferences successfully retrieved, applied and saved:
    {"optOut":false,"analyticsEnabled":true,"deviceStatsEnabled":true,"limitUserTracking":false,"performanceReportingEnabled":true}
     
  31. ap-unity

    ap-unity

    Unity Technologies

    Joined:
    Aug 3, 2016
    Posts:
    1,277
    @homenetgames-jacek

    Which version of Unity are you using? I tested it with 2018.1 and did not have any issues getting the URL.

    Would you be able to provide the script you were using? I was testing with a very simple script:

    Code (CSharp):
    1. using UnityEngine;
    2. using UnityEngine.Analytics;
    3. public class Privacy : MonoBehaviour
    4. {
    5.     void Start()
    6.     {
    7.         DataPrivacy.FetchPrivacyUrl(OnSuccess, OnFailed);
    8.     }
    9.     void OnSuccess(string msg)
    10.     {
    11.         print("Success: " + msg);
    12.     }
    13.     void OnFailed(string msg)
    14.     {
    15.         print("Failure: " + msg);
    16.     }
    17. }
     
  32. dmitry_kr

    dmitry_kr

    Joined:
    Feb 16, 2018
    Posts:
    50
    Hello. How do I check in Unity game where is user from? To show him GPDR consent dialog(or button) or not.
     
  33. homenetgames-jacek

    homenetgames-jacek

    Joined:
    Jun 8, 2015
    Posts:
    8
    @ap-unity
    Ok, I found it, it was error in my code. It is UnityScript code, it stopped working after I added yield in code below and this (now a coroutine) function isn't called anymore - nasty feature of UnityScript :) , no warning, no error in log, no anything.
    Code (JavaScript):
    1. function OnManageUnityPrivacy()
    2. {
    3.     UnityEngine.Analytics.DataPrivacy.FetchPrivacyUrl(OnUnityPrivacyURLReceived, OnUnityPrivacyFailure);
    4. }
    5. function OnUnityPrivacyFailure(reason : String)//not
    6. {
    7.     Debug.Log("OnUnityPrivacyFailure " + reason);
    8. }
    9. function OnUnityPrivacyURLReceived(url : String)
    10. {
    11.     Debug.Log("OnUnityPrivacyURLReceived " + url);
    12.     OpenUrl.Open(url);
    13.     yield WaitForSeconds(0.1f);
    14.     UnityEngine.Analytics.DataPrivacy.FetchOptOutStatus(OnUnityPrivaceOptOutResult);
    15. }
    16. function OnUnityPrivaceOptOutResult(ret : boolean)
    17. {
    18.     Debug.Log("OnUnityPrivaceOptOutResult " + ret);
    19. }

    But I've experienced another issue, plugin manual (https://docs.unity3d.com/Manual/UnityAnalyticsDataPrivacy.html) says that "The plugin does not support the following platforms: Linux, Windows Phone, Universal Windows Platform (UWP) prior to Unity 5.5, Tizen, Apple TV, Blackberry"
    I'm using Unity 5.6.6f2 and it crashes at start on Windows Store Universal 8.1 build with the following output:

    .....
    Loading data opt-out preferences from PlayerPrefs
    (Filename: C:/buildslave/unity/build/artifacts/generated/Metro/runtime/DebugBindings.gen.cpp Line: 51)
    Exception thrown at 0x00000000 in Hex Commander Fantasy Heroes.exe: 0xC0000005: Access violation executing location 0x00000000.

    Just letting you know, I will disable it for this platform.

    PS. Windows App Certification Kit shows missing API error for System.MissingMethodException (referenced in DataPrivacyUtils.cs)
     
    Last edited: Jun 21, 2018
    technicat likes this.
  34. ap-unity

    ap-unity

    Unity Technologies

    Joined:
    Aug 3, 2016
    Posts:
    1,277
    That is not a feature of this plugin. Developers must implement that functionality on their own.

    Thanks for reporting this. I will let the team know about this issue.
     
    technicat likes this.
  35. sfjohansson

    sfjohansson

    Joined:
    Mar 12, 2013
    Posts:
    293
    Didn't find a clear answer, I'm interested in only using performance reporting, so would it be possible in code to opt out the user without showing the dialog and get the crash reports?
     
  36. Swah

    Swah

    Joined:
    May 13, 2015
    Posts:
    25
    @sfjohansson: unity has yet to answer this one, and it's been over a month now. They are also not answering this by email. I would appreciate at least knowing if this is being looked into, or even a clear "no" would be helpful.
     
    JamesArndt likes this.
  37. sfjohansson

    sfjohansson

    Joined:
    Mar 12, 2013
    Posts:
    293
    Hm... It feels like..as long as we technically disable everything that requires an opt in by GDPR, then not giving the user an option to opt-in should be fine...as long we still get the non-personal info...

    Maybe easiest to make a test project opt out of everything and see what gets sent :)
     
  38. Swah

    Swah

    Joined:
    May 13, 2015
    Posts:
    25
    I'm pretty confident you could turn off every service (including the HW stats) and not collect any private information. The problem is for apps that are using services like Unity IAP, which I think also activates Unity Analytics. It's not like developers can just decide to turn off IAP, they have to replace it with something else, which is a lot of work and adds complex test cases.
     
  39. sfjohansson

    sfjohansson

    Joined:
    Mar 12, 2013
    Posts:
    293
    That is of course a more complex use case, but depending on what is left when opting out...it might work for a lot of people to just auto opt-out without involving the user....unless as you said if something like IAP's requires an opt-in.
     
  40. jason_yak

    jason_yak

    Joined:
    Aug 25, 2016
    Posts:
    269
    How are Remote Settings and A/B Testing going to work if they rely on analytic segment data such as the users country if they have opted out?

    Can anyone confirm what the expected outcome of this would be. Would Remote Settings stop working for that user altogether, would they revert to the control/default values? If they haven't opted out, a remote setting based on a users country segment is received, then they opt-out.. does anything change? If they had started an A/B test, then the opt-out, are A/B test results going to be really skewed where however many people that opted out either don't post up results of the test.. or maybe the control group ends up with a slant in favour of all those that opted out. Ahhh... so confused about this. Any info would be appreciated, thanks.
     
  41. coshea

    coshea

    Joined:
    Dec 20, 2012
    Posts:
    253
    I am currently planning to disable Unity analytics in all of my games, as Unity doesn't provide a way (unlike Google Analytics) of removing Device ID AND IP Address from tracking. If Unity would let you anonymise IP Address, then my understanding is that you wouldn't need consent / opt out from players.
     
  42. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    5,467
  43. coshea

    coshea

    Joined:
    Dec 20, 2012
    Posts:
    253
    Hi @JeffDUnity3D

    So yes we can use Analytics.limitUserTracking = true at the start of our apps to remove the "(IDFV, Android device ID or IMEI if Android device ID is unavailable)" even if the player hasn't opted out through the plugin.

    Regarding "Also, we are not storing the IP address. The IP address is simply inferred from the request origin, part of the HTTP protocol. We don't explicitly collect it, in other words, or prevent it from being sent."

    everywhere on the Unity site says that IP address is being collected...

    "we collect data such as device type, country, device language, in-game behavior and purchases, IP address"

    "Unity Analytics collects gameplay and device information from players who play games made with Unity. The only Personally Identifiable Information (PII) collected is device ID and IP address"
    https://unity3d.com/legal/gdpr

    "In addition to these IDs, Unity Analytics also collects the following personal information from Child App users: IP address"
    https://docs.unity3d.com/2018.2/Documentation/Manual/UnityAnalyticsCOPPA.html

    "Unity has collected device information, like IP address"
    https://unity3d.com/legal/privacy-policy

    So the IP address is being sent as part of the request but NOT collected you are saying?

    Seems to be some confusing info,

    Thanks
     
  44. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    5,467
    @coshea Yes, that is correct. I was referring to the opt-out process. We are collecting and storing the IP address currently, unless we receive the opt-out request from the user, at which time their IP address info we have is deleted, and is subsequently not stored.
     
  45. jason_yak

    jason_yak

    Joined:
    Aug 25, 2016
    Posts:
    269
    Just bumping my question, I think it got lost in the previous comments.
     
  46. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    5,467
    Remote Settings and A/B testing would work as expected when a user opts out. Country segment is not PII data (given a country you cannot identify a user)
     
  47. jason_yak

    jason_yak

    Joined:
    Aug 25, 2016
    Posts:
    269
    Thanks for the info, it’s been a big of a whirlwind learning about GDPR. Cheers!
     
  48. coshea

    coshea

    Joined:
    Dec 20, 2012
    Posts:
    253
  49. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    5,467
    @coshea That is essentially what we do to obtain the country, and then we do not store the IP address. And it seems your child directed question was answered in the post you referred to (the Q and A part)?
     
  50. coshea

    coshea

    Joined:
    Dec 20, 2012
    Posts:
    253
    Hi

    "we do not store the IP address"

    - you mean once the player opts out? As the links to the unity documentation say that ip address is collected and stored, when you opt via privacy url, out the ip address isn't stored.

    My question is, why can't the developer set via the api, to anonymise the ip address? In the same way that you can do:

    Analytics.limitUserTracking

    It would be great if you could do Analytics.limitUserIPTrackign or something, to hide the IP in the same way Google Analytics does. That way if you turned this off and device id with Analytics.limitUserTracking, you wouldn't have to worry about the privacy opt out page.

    Regarding child directed apps, the QA linked to in the thread was a reply to their email saying "Unity would prefer that you implement the plugin for these apps even though the data is quarantined and anonymized"

    The coppa page says "Unity Analytics also collects the following personal information from Child App users: IP address, identifiers for advertisers (IDFA is only collected if Unity Ads is also enabled) and device identifiers (IDFV, Android device ID or IMEI if Android device ID is unavailable)."

    My question is that there is nothing there to say the device ID or ip address are anonymized, correct? If that data is anonymized before storage, Unity needs to update the Coppa page.

    Thanks