From the 25th May we have new laws for protection of privacy in homepages and online features in games etc.
I am thinking about deleting my two Homepages because of being afraid I missed something in privacy protection and some evil (yes evil) lawyer tries to sue me (excuse my english) threatens me to bring me to court…
How do you other game developers handle this? I refreshes my privaty Statements but I am not sure if it fits.
If I am a Hobby game developer, is it useful to have my own Homepage at all? In my Forum / board nobody writes down something. And my online highscores are a nice Feature, but I guess they are not so important and might be changed to a steam or Facebook leaderboard…
How do you handle this? Do you think a small free time game developer does Need it’s own Homepage and board and self hosted hiscores / leaderboards?
You mean GDPR? You store user info on your homepage servers? If not your fine. We use Steam features only, and Valve have made sure they comply with GDPR
Yes, I meant exactly that. I have a Website with forum / board and an online hiscore list / leaderboard.
Because of the new laws I am not sure if I really need them enough to keep them.
You don’t even have to live in the EU to be affected as all it needs is to your players to be from the EU. American, Aussie etc. developers must also comply
If you only store “player” names and scores you don’t really have to do anything. If you have emails, real names and such stored its a different thing.
BTW I don’t think Valve has yet fully implemented all the stuff required by the GDPR. As a user I have not seen such announcement by email nor the user interfaces have all the required features(?)
Yes that’s right. I did some changes but I am a bit unsure if it fits perfectly. And since I don’t earn Money (or at least not at the Moment, and only very few Money if a game is new) I do not want to spent Money on lawyers. And I am unsure if I want to put more Money into my Websites, which don’t seem to be much visited at all.
Maybe a mixture of IMDB, Facebook or Steam and YouTube is already enough and as good as having own Domains that nobody visits.
I’ve read the GDPR, and I don’t see anything that impacts non-EU organizations other than articles 44-50. Articles 44-50 apply to data transfers from EU country organizations to non-EU country organizations, not the direct collection of data by non-EU country organizations of EU residents.
If I’m a non-EU organization, and I don’t accept transfers of personal data from EU based organizations, I’m fairly certain that the GDPR can be safely ignored. If I’m wrong, please point to the specific text that applies.
Looks like you have to put in more effort than just having EU customers though. You have to do something to show you are targeting the EU for the regulation to apply.
In other words “Is having that site worth a couple hundred bucks? If not, then take it down.” ?
I tend to agree, but keep in mind that as soon as you release a domain, chances are a domain squatter will scoop it up and put some bullshit ad-page on it or something like that. A friend of mine once had to buy a domain off such a domain squatter that had registered it shortly after he made a whois query to see if his domain with another extension was still free. They somehow had access to that info, bought the domain before he could, and then offered to sell it to him.
Does anyone know what freelancers need to do with the info they have stored from their clients? Like their email addresses and postal addresses? Is this data irrelevant if it’s all publicly available on the websites of those clients anyway?
If you don’t save any (personally identifiable!) data about yours users, where’s the privacy concern? The only critical part is likely the forum, so if that is not in use anyway, why not just get rid of it.
Not a lawyer but as far as I understood it, it basicly boils down to the following.
1.) You are not allowed to share the data without permission. I would guess that if it is publicly made available by the client that it is basicly counts as a permission or at the least you should be able to share the public source.
2.) On request by the client you have to send him a copy of all the personal data you have stored on him or her which could include Bills and E-Mails. (On a side note I have no clue how system backups are factored into this since checking months or years of backups for potentially deleted data sounds like a nightmare even with an automated system)
3.) On request you have to delete all the personal data stored from your client but only if it isn´t needed anymore for the business transaction or for other regulations like with book keeping. (Again no clue about the situation with backups)
4.) You have to make your client aware of what kind of data you store BUT I would guess the kind of data a typical freelancer stores for business transactions doesn´t need special mention since it is needed for billing.
Again though this is no legal advice - this are just a couple of things I gathered in passing at work about what others mentioned on the topic.
Apparently every bit of compliance includes backups according to a GDPR specialist who gave a talk at a tech group I attend. There are multiple nightmares.
I’ve also read that the even stricter GDPR-K applies if your customer base includes kids (not targeted at, just includes), unless you age verify those you want to keep any identifiable data on.
And in Germany there are many lawyers which make their Money / income just from finding copy-right violations and next will be GDPR violations.
Then you have to pay them a fee (in my opinion it is blackmail) or they drag you to a court.
A friend of mine had to pay 3000 Euro just because of one photo on his website.
And that was before GDPR now it will get a lot worse I bet.
