For anyone who’s ever been frustrated by the need to go online to play a single-player video game, the European privacy specialists at noyb have heard you, and they’ve filed a complaint against Ubisoft in Austria dealing specifically with the issue.
Noyb has asked Austrian data protection authorities to investigate the French game studio, which publishes titles in popular series including Far Cry, Assassin’s Creed, Watch Dogs, and others, for violations of article 6(1) of the EU’s General Data Protection Regulation (GDPR) for forcing players online when a game doesn’t have any online functionality.
“Imagine if the Monopoly man sat at your table and took notes every time you want to play a board game with your family or friends,” said noyb (none of your business) data protection lawyer Joakim Söderberg. “Well, that’s the reality of video games … as long as you have an open internet connection when you play, your data is collected and analyzed.”
Most folks who have played modern video games know the problem: Boot up a title without multiplayer elements – or only seeking to play the single-player portion of a game – and you’re faced with having to sign in to some service or another.
Ubisoft might be the poster child in this instance. However, lots of game studios are guilty of similar customer-frustrating behavior. Microsoft requires Halo Infinite to be online even if the player is just going it alone, as does Activision-Blizzard, which did the same with Diablo III, published years before its purchase by Microsoft. Electronic Arts, Sony, and other publishers have also followed suit with past and present titles.
In this case, the complaint stems from an individual being represented by noyb who became frustrated after being forced to go online to play a copy of Far Cry Primal they purchased on Steam – a game with no multiplayer or online functionality.
The unnamed complainant is reportedly a tech-savvy individual, and when examining the data being sent to Ubisoft with the game online they noticed 150 unique DNS packages being sent over the course of just ten minutes. Additional analysis of the captured network traffic revealed that Ubisoft was sending some of the data to servers controlled by Google, Amazon, and US-based cloud analytics firm Datadog. It’s not clear what was being transmitted, per noyb, as the data was all encrypted.
When asked, Ubisoft informed the complainant that there was an offline mode available, but the help page Ubisoft linked them to offers scant information that noyb told us was largely unhelpful to their client.
“For Far Cry Primal, the complainant wasn’t able to make it work at all,” a noyb spokesperson told The Register. “He’s a tech professional, so if he can’t do it, it’s definitely too complicated or it just doesn’t work at all.”
Noyb is asking Austrian officials to find Ubisoft guilty of infringing on GDPR article 6(1), which noyb says the company is violating both by collecting data when it doesn’t need to, and by not giving users an explicit option to opt out of. It’s also asking that Ubisoft be forced to stop such processing, and that it be fined for its bad behavior.
“Based on Ubisoft’s turnover of more than €2 billion, the data protection authority could issue a fine of up to €92 million [$104 million],” noyb said.
But what of other video game studios who do the same – can they expect a noyb complaint to follow? Probably, we’re told.
“For GDPR complaints, we can only go after one company at a time, because we are always representing a data subject whose right to data protection has been violated,” noyb said in an email.
Ubisoft was singled out for a couple reasons, noyb explains, namely that it’s among the worst offenders for this type of behavior, and because it’s a European company, so going after it is simpler than pursuing a US-based company.
“This probably won’t be our last complaint against gaming companies,” noyb told us. “Ubisoft isn’t the only gaming company with questionable practices.”
Sorry, US gamers – you’ll probably be stuck going online to play your single-player titles for the foreseeable future, unless a favorable EU decision ends up being imported. Given the history of EU-directed software changes, that’s unlikely. ®