Regarding New GDPR Compliance Pop-Up [Mod Edited Title for Clarity]

13

Comments

  • buggysitehaveaccontbuggysitehaveaccont Member Posts: 158
    Mcord117 wrote: »
    Well then if this is just an eu thing than atleast you have the option. Was wondering why I didn’t get this message

    kabam is canadian, so why should it annoy EU players?and if it does just report them for whatever laws you have in your country when it comes to internet laws
  • shadow_lurker22shadow_lurker22 Member Posts: 3,245 ★★★★★
    I live in the us and didn't get the pop-up so should I be worried because apparently everyone else is getting it but abam says that the us isn't so I am confused
  • DNA3000DNA3000 Member, Guardian Posts: 19,846 Guardian
    EvilAsh wrote: »
    So the rest of us can get our personal information taken and used without authorization?

    What right does a video game manufacturer have to any information that isn't given up front by the customer?

    My email, account info, and how much I've spent is all you should ever need.....

    And tell us what information your collecting the lawis clear on that subject

    You can not just say you collect without telling people what your are collecting!

    They aren't asking for permission to collect more information. They clearly state in the pop up that the personal information this relates to includes the data you gave them in the first place to sign up for the game and the data they collect about your game play while you are playing the game. These pieces of information are mandatory for them to track to operate the game.
  • AxeCopFireAxeCopFire Member Posts: 1,115 ★★★
    Hatshipuh wrote: »
    AxeCopFire wrote: »
    Sorry but that has no relevance to this situation. This game isn't collecting data about your religion, political leanings, ethnicity, sexual orientation, etc., and if you think it is, then better make sure that you tighten your tinfoil hat so they can't steal your thoughts also
    Location data is personal data, and if personal data is involved, it falls under GDPR, I feel like talking to a bad Kabam lawyer lol. I don't care about any tinfoil hats, my data is all over the net either way, doesn't change that the way Kabam does things may cost them a lot of money.
    Tbh I'm rather surprised there was no official statement prepared, I've seen this uproar coming miles away when they published the changelog.
    But then again, I'm also not surprised lol.

    Location data is not always personal data. It highly depends on the context and the use case. The same data set can be privacy-neutral when used for asset tracking as part of logistics optimization services and privacy sensitive when used for tracking of a child or patients in a hospital. Kabam would only be using your location to detect cheaters.
  • HatshipuhHatshipuh Member Posts: 146
    AxeCopFire wrote: »
    Location data is not always personal data. It highly depends on the context and the use case. The same data set can be privacy-neutral when used for asset tracking as part of logistics optimization services and privacy sensitive when used for tracking of a child or patients in a hospital. Kabam would only be using your location to detect cheaters.

    Exactly, which is why Kabam needs to disclose what data is collected, if not only for the sake of defending themselves in case of complaints.
  • buggysitehaveaccontbuggysitehaveaccont Member Posts: 158
    also, a click is not a signature so it is never binding unless the click is with a e-security id which i doubt phone games would bother with
  • DarthPhalDarthPhal Member Posts: 1,064 ★★★★
    Hatshipuh wrote: »
    AxeCopFire wrote: »
    Even if you don't live in the EU, it changes nothing. They will still be collecting that same data from you if you want to play. If you don't want the data about your play sent to them, you have one option. DON'T PLAY.

    That's what Facebook and Google tried to do, agree to them collecting data or don't use their services, which is a breach of GDPR, and they may be facing fines worth billions because of that.

    Hmm, you’re right. It might be easier for them to just stop offering services in EU countries.
  • DNA3000DNA3000 Member, Guardian Posts: 19,846 Guardian
    Hatshipuh wrote: »
    AxeCopFire wrote: »
    Even if you don't live in the EU, it changes nothing. They will still be collecting that same data from you if you want to play. If you don't want the data about your play sent to them, you have one option. DON'T PLAY.

    That's what Facebook and Google tried to do, agree to them collecting data or don't use their services, which is a breach of GDPR, and they may be facing fines worth billions because of that.

    That's not necessarily applicable here. The GDPR requirement is granularized consent, which means users of a broad set of services must be allowed to consent to the information gathering required for one service while revoking consent for another. MCOC is essentially a single service, and any information collected required for running the game does not need to contain granular consent. They are free to tell you that if you do not consent to allowing them to collect and use information to run the game, they can suspend you from the game. In fact, the consequences of the GDPR basically require Kabam to kick you from the game because lack of consent means they cannot continue to hold your login information or your gameplay information data or logs. That all but makes it impossible for them to allow you to continue to play the game.
  • DNA3000DNA3000 Member, Guardian Posts: 19,846 Guardian
    also, a click is not a signature so it is never binding unless the click is with a e-security id which i doubt phone games would bother with

    I'm not sure why you think that, but you may be confusing entirely separate issues regarding electronic signatures when the governing context is contract law. In the US, courts have held that clickwrap contracts are legally enforceable provided they pass the traditional tests for contract enforceability, in particular for clickwrap contracts they must have provided reasonable notice of the contract terms and both parties must make their assent to those terms explicit and manifest.

    See: Feldman v Google: https://www.casebriefs.com/blog/law/contracts/contracts-keyed-to-knapp/the-statute-of-frauds/feldman-v-google-inc/

    Summary: "Synopsis of Rule of Law. When an online user has been given reasonable notice of the agreement’s term and it is clear that once the user clicks on the acceptance “button”�, the user agrees to be bound by those terms notwithstanding that the agreement does not include a specific price term, but describes with adequate definiteness, a practicable process by which price is determined, then the online clickwrap agreement becomes binding on the online user."
  • This content has been removed.
  • QualozQualoz Member Posts: 28
    I'm from the USA and I had to consent to the agreement why?
  • Delta_14Delta_14 Member Posts: 64
    Hey All,

    Sorry for the confusion here. This pop-up is in compliance with the new GDPR regulations, and should only be visible to Players in the UK and EU. We're getting the exact list of what is collected for you all, but to the best of my knowledge, the information that we do collect is required for us to be able to provide you with the game service, hence why it is required to be able to continue playing.

    Hold on a little bit, and we'll get you the exact list of what we collect ASAP.


    Quick note -

    As Miike said, this is meant to be popping up for UK/EU players. We're looking into it and getting the information we need to share with y'all. Please stick with us a bit longer while we do so. Thank you!

    Slightly off topic and not really all that important... but every time I’ve seen you guys refer to this (both here and in other communications) you refer to “UK and EU”.

    Without getting into the politics, the UK is currently in the EU. Is there a particular reason for giving us a special mention?
  • buggysitehaveaccontbuggysitehaveaccont Member Posts: 158
    DNA3000 wrote: »
    also, a click is not a signature so it is never binding unless the click is with a e-security id which i doubt phone games would bother with

    I'm not sure why you think that, but you may be confusing entirely separate issues regarding electronic signatures when the governing context is contract law. In the US, courts have held that clickwrap contracts are legally enforceable provided they pass the traditional tests for contract enforceability, in particular for clickwrap contracts they must have provided reasonable notice of the contract terms and both parties must make their assent to those terms explicit and manifest.

    See: Feldman v Google: https://www.casebriefs.com/blog/law/contracts/contracts-keyed-to-knapp/the-statute-of-frauds/feldman-v-google-inc/

    Summary: "Synopsis of Rule of Law. When an online user has been given reasonable notice of the agreement’s term and it is clear that once the user clicks on the acceptance “button”�, the user agrees to be bound by those terms notwithstanding that the agreement does not include a specific price term, but describes with adequate definiteness, a practicable process by which price is determined, then the online clickwrap agreement becomes binding on the online user."

    0200 and 32c in apartment and doc appointment in 4h so need to sleep, but you are saying there is a supreme court precedent ?
    I know state and some federal judges are dumb as any potsmoker can get that position, but have to go to supreme court to set a precedent. you saying that is what you linked ?(will check when I have time tomorrow)
    a cat paw can click agree and USA Judges say that is binding ? I guess im lucky we have normal courts here in my country then lol
    Here only digital signature with social security number I think is the US equivalent attached to your bank with double security codes to prevent fraud or stolen ID is counted as signed, or ofc paper, that is why banks only allow a loan over a certain amount if you sign a paper and send in, as it is 100% binding.

    The "I agree" buttons can never be tied o a person and therefore it can never be proven that x person clicked the "I agree" button, but if it is a supreme court precedent you posted then I am sorry for your country.
    I really have to sleep, will check tomorrow, g night :P
  • Kabam MiikeKabam Miike Moderator Posts: 8,269
    Hey Everybody, thank you for your patience while we worked to gather the information necessary to answer your questions. We hope this will help to clear some of your questions up!

    What Data is Being Collected?


    The Data that we collect is only Data that we need in order to grant access to the game and its content, administer and manage your account, understand how you play the game (what modes you play, etc.), improve the game, and provide you with technical support when requested.

    Following are the types of data that can be collected through your use of our app: device information like device type, OS, location (e.g. country and region), app version, Kabam-assigned user ID (if you have signed up for one), gameplay information like game progress, session time and duration, in-app events.

    We realize that the term “behavioural data” might be confusing. When we reference behavioural data, we are referring to player's use of the app and game play information like game progress, features used, events joined, interactions with other players, session time and duration, and purchases etc. Thanks for giving us an opportunity to clear up the confusion. In a future update, we’ll be sure to update the language to be more clear.

    Why are you asking us to consent?


    Without the ability to collect, process, and store this data, we are not able to reference enough data to grant you an account, since some of the more basic information like your e-mail address and other identifying information is needed to hold login information, as well as gameplay progress and information. In essence, MCOC cannot function without this information.
  • JackdielJackdiel Member Posts: 17
    I believe is wrong, they should never force you to share your personal information. They even went a step further and gave an ultimatum forcing you to agree or lose all the money and time we have spent on the game
  • buggysitehaveaccontbuggysitehaveaccont Member Posts: 158
    DNA3000 wrote: »
    also, a click is not a signature so it is never binding unless the click is with a e-security id which i doubt phone games would bother with

    I'm not sure why you think that, but you may be confusing entirely separate issues regarding electronic signatures when the governing context is contract law. In the US, courts have held that clickwrap contracts are legally enforceable provided they pass the traditional tests for contract enforceability, in particular for clickwrap contracts they must have provided reasonable notice of the contract terms and both parties must make their assent to those terms explicit and manifest.

    See: Feldman v Google: https://www.casebriefs.com/blog/law/contracts/contracts-keyed-to-knapp/the-statute-of-frauds/feldman-v-google-inc/

    Summary: "Synopsis of Rule of Law. When an online user has been given reasonable notice of the agreement’s term and it is clear that once the user clicks on the acceptance “button”�, the user agrees to be bound by those terms notwithstanding that the agreement does not include a specific price term, but describes with adequate definiteness, a practicable process by which price is determined, then the online clickwrap agreement becomes binding on the online user."

    ffs, you press edit and click save and kabam wipe entire "#¤" message
    in short I have no time, must sleep, 0200 now, doctor in 4h from now

    did you post a supreme court precedent in that link? will read tomorrow when I have time unless drugged by doc lol

    if your supreme court set a precedent where "I agree" buttons are X person clicking that "I agree" button then Im glad we have more normal courts here

    anyone can click that I agree button a cat paw, a dog nose, your friend can click it and never tell you he clicked something etc

    if your supreme court set a precedent for these things then I think your country is going down the hill as you can never identity anyone by having them click I agree, it is just a feature to make companies feel little safer as the general pop is often dumb and just click agree without reading.

    here we need what you called social security number I think, tied to a bank account, tied to your personal account which is tied to a electronic device or phone which then can send a code to a place where you write in that code after writing your personal code, to get a code back to write into the device or phone for double security and then sign with e-sign, that is pretty secure and 100% binding.

    other ways is a personal signature on paper, which banks always do if over a certain number as it is 100% binding as well.

    having Joe off the street clicking agree is not binding in anywhere unless a dictatorship, but need sleeping and went off a rant as kabam deleted my other msg when I had to edit, so will not edit this or it will be deleted as well
  • DNA3000DNA3000 Member, Guardian Posts: 19,846 Guardian
    Delta_14 wrote: »
    Hey All,

    Sorry for the confusion here. This pop-up is in compliance with the new GDPR regulations, and should only be visible to Players in the UK and EU. We're getting the exact list of what is collected for you all, but to the best of my knowledge, the information that we do collect is required for us to be able to provide you with the game service, hence why it is required to be able to continue playing.

    Hold on a little bit, and we'll get you the exact list of what we collect ASAP.


    Quick note -

    As Miike said, this is meant to be popping up for UK/EU players. We're looking into it and getting the information we need to share with y'all. Please stick with us a bit longer while we do so. Thank you!

    Slightly off topic and not really all that important... but every time I’ve seen you guys refer to this (both here and in other communications) you refer to “UK and EU”.

    Without getting into the politics, the UK is currently in the EU. Is there a particular reason for giving us a special mention?

    Basically, because everyone else does. And most discussions about the GDPR commonly state that it is an issue for "EU/UK" data simply because there were and still are many people with questions about whether the GDPR is a long-term issue for the UK post Article 50. The point of confusion is that the UK initiated Article 50 prior to when the GDPR was being discussed widely in mainstream IT, but after the GDPR actually legally took effect, so even though people were not talking about it at the time GDPR is the law of the land in the UK. But more importantly, the Article 50 process will involve a process whereby all EU laws will have to be reviewed to determine if they still apply post-Brexit. This will not materially affect GDPR compliance because the UK already passed conforming legislation as allowed under the terms of the GDPR.

    In other words, even if in some future date the GDPR is no longer considered legally binding on the UK, the UK already has its own local law that essentially says the same thing.
  • DNA3000DNA3000 Member, Guardian Posts: 19,846 Guardian
    if your supreme court set a precedent where "I agree" buttons are X person clicking that "I agree" button then Im glad we have more normal courts here

    I still think you're confusing the question of electronic signatures and contracts. You're also mistaken that this is a US law peculiarity. If you're in the EU, here's relevant precedent from the CJEU court regarding the intepretation of Article 23 of the Brussels Convention as it applies to clickwrap agreements: http://curia.europa.eu/juris/document/document.jsf?text=&docid=164356&pageIndex=0&doclang=en&mode=req&dir=&occ=first&part=1&cid=251717

    Summary: "Article 23(2) of Council Regulation (EC) No 44/2001 of 22 December 2000 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters must be interpreted as meaning that the method of accepting the general terms and conditions of a contract for sale by ‘click-wrapping’, such as that at issue in the main proceedings, concluded by electronic means, which contains an agreement conferring jurisdiction, constitutes a communication by electronic means which provides a durable record of the agreement, within the meaning of that provision, where that method makes it possible to print and save the text of those terms and conditions before the conclusion of the contract."

    In other words, click wrap agreements are legally recognized as a means for communicating a binding agreement.

    Another summary of the judgment: https://www.lexology.com/library/detail.aspx?g=437b207e-f24c-4a12-8bad-9d9fc06c62f9

    Your confusion is probably due to the subtle difference between what the purpose of an agreement is, and what the purpose of an electronic signature is. The purpose of an electronic signature is to *identify* the person signing the document and *authenticate* that the signature is valid. But contracts and agreements do not require electronic signatures. They don't require signatures of any kind. Contracts can be orally agreed to in some cases for example.

    In the case of the GDPR, the primary requirements are that the account holder is notified and acceptance properly recorded. Electronic signatures are not required because it is not legally required that you identify the person agreeing to the disclosure statement. Kabam only has to make the case that the account holder, whomever that is, was notified and agreed. They do not need to account for other people clicking the button, because admission that someone else was using your account is grounds for account termination anyway. You, and you alone, are supposed to be the only person using that account, and you are responsible for any act taken on that account as the account holder.

    In fact, pretty much universally everything I've read about GDPR compliance recommends clickwrap privacy policies to be used to satisfy the notification and consent requirements. That's why almost everyone is using them.
  • This content has been removed.
  • Doomsfist79Doomsfist79 Member Posts: 922 ★★★

    Without the ability to collect, process, and store this data, we are not able to reference enough data to grant you an account, since some of the more basic information like your e-mail address and other identifying information is needed to hold login information, as well as gameplay progress and information. In essence, MCOC cannot function without this information.

    So why all of a sudden is this information required for MCOC to function? Hasn't the game been available for about 3 years now and this information wasn't a requirement? Also, stating you will clarify the conditions that we are agreeing to NOW.. is not exactly acceptable. If you expect someone to agree to conditions, then the conditions they agree to need to be clear at the time of consent.

  • AkhilxcxAkhilxcx Member Posts: 255 ★★
    So we are still not getting the answer on why people in North America and Asia are getting this popup when kabam mike said and other mods say for sure that this is only meant for UK and eu
  • This content has been removed.
  • DNA3000DNA3000 Member, Guardian Posts: 19,846 Guardian

    Without the ability to collect, process, and store this data, we are not able to reference enough data to grant you an account, since some of the more basic information like your e-mail address and other identifying information is needed to hold login information, as well as gameplay progress and information. In essence, MCOC cannot function without this information.

    So why all of a sudden is this information required for MCOC to function? Hasn't the game been available for about 3 years now and this information wasn't a requirement? Also, stating you will clarify the conditions that we are agreeing to NOW.. is not exactly acceptable. If you expect someone to agree to conditions, then the conditions they agree to need to be clear at the time of consent.

    The information Kabam is collecting is necessary for the game to function. The notice is going out because as of May 25, 2018 the provisions of EU 2016/679 aka the General Data Protection Regulation went into effect. A provision of this regulation is that all companies that collect *any* personal data from any citizen of the EU must notify them that they are collecting such information and must affirmatively ask for permission to continue collecting that information. If the person does not give that permission, they must stop collecting such information and purge existing information from their databases. They must do so even if this terminates their ability to serve that person as a customer: failing to grant permission to collect information is essentially asking for their customer relationship to end if that is necessary to follow the GDPR guidelines.

    The GDPR does not specify that this pertains to *sensitive* information, but literally *ANY* personal information. People in the EU have been getting bombarded with GDPR notices from forums they haven't visited in years and for which the only personal information they gave was literally their names.

    Kabam is satisfying a legal requirement for EU players or players they believe to reside in an EU country. They have no choice in the matter.
  • AxeCopFireAxeCopFire Member Posts: 1,115 ★★★

    Without the ability to collect, process, and store this data, we are not able to reference enough data to grant you an account, since some of the more basic information like your e-mail address and other identifying information is needed to hold login information, as well as gameplay progress and information. In essence, MCOC cannot function without this information.

    So why all of a sudden is this information required for MCOC to function? Hasn't the game been available for about 3 years now and this information wasn't a requirement? Also, stating you will clarify the conditions that we are agreeing to NOW.. is not exactly acceptable. If you expect someone to agree to conditions, then the conditions they agree to need to be clear at the time of consent.

    Lol did this guy seriously just come in here and say "why they changing stuff? Not cool bro" after multiple people in the thread already explained in detail that nothing was changing, and the reasons that nothing was changing?

    Good job. Bravo.
  • Kabam MiikeKabam Miike Moderator Posts: 8,269
    Akhilxcx wrote: »
    So we are still not getting the answer on why people in North America and Asia are getting this popup when kabam mike said and other mods say for sure that this is only meant for UK and eu

    There was a bug earlier where it was showing up for Summoners that are not in the designated areas, but this has been corrected now.
  • AnoopAnoop Member Posts: 2
    Akhilxcx wrote: »
    So we are still not getting the answer on why people in North America and Asia are getting this popup when kabam mike said and other mods say for sure that this is only meant for UK and eu

    There was a bug earlier where it was showing up for Summoners that are not in the designated areas, but this has been corrected now.

    corrected means in what way? I was forced to give my consent tp get into game being non uk citizen,,what is corrected in this matter?what happened to my consent?will you guys still be collecting data from non uk citizens as we were forced to give our consent ? explain to us how it is corrected and what will happen to those who gave their consent being non uk citizens ,was it removed or you will continue collect data from my account ?
  • GroundedWisdomGroundedWisdom Member Posts: 36,643 ★★★★★
    Anoop wrote: »
    Akhilxcx wrote: »
    So we are still not getting the answer on why people in North America and Asia are getting this popup when kabam mike said and other mods say for sure that this is only meant for UK and eu

    There was a bug earlier where it was showing up for Summoners that are not in the designated areas, but this has been corrected now.

    corrected means in what way? I was forced to give my consent tp get into game being non uk citizen,,what is corrected in this matter?what happened to my consent?will you guys still be collecting data from non uk citizens as we were forced to give our consent ? explain to us how it is corrected and what will happen to those who gave their consent being non uk citizens ,was it removed or you will continue collect data from my account ?
    They're already collecting it. Have been all along. It's necessary for the game. The permissions are a recent regulation in some countries. Really nothing to worry about.
  • Colonaut123Colonaut123 Member Posts: 3,091 ★★★★★
    If it is a forced consent, Kabam violates the GDPR regulation and you can report them at the privacy regulator of your country.
  • Colonaut123Colonaut123 Member Posts: 3,091 ★★★★★
    Delta_14 wrote: »
    Hey All,

    Sorry for the confusion here. This pop-up is in compliance with the new GDPR regulations, and should only be visible to Players in the UK and EU. We're getting the exact list of what is collected for you all, but to the best of my knowledge, the information that we do collect is required for us to be able to provide you with the game service, hence why it is required to be able to continue playing.

    Hold on a little bit, and we'll get you the exact list of what we collect ASAP.


    Quick note -

    As Miike said, this is meant to be popping up for UK/EU players. We're looking into it and getting the information we need to share with y'all. Please stick with us a bit longer while we do so. Thank you!

    Slightly off topic and not really all that important... but every time I’ve seen you guys refer to this (both here and in other communications) you refer to “UK and EU”.

    Without getting into the politics, the UK is currently in the EU. Is there a particular reason for giving us a special mention?

    Brexit, bub. Over a year, the UK won't be part of the EU anymore.
Sign In or Register to comment.