Hi there,
I know I can’t expect any legal advice here, but I’d still like to hear your views on this subject:
I want to do a simple academic experiment in my video game, but it requires the age and gender of the players. Players will be informed before the data is collected and can opt-in to participate. The game also has opt-out options.
To implement the experiment, I would like to use Unity Analytics and extract the data via the raw data export. However, the best practices on Unity Analytics and PII (https://docs.unity3d.com/Manual/UnityAnalyticsDataPrivacy.html) says that PII should not be sent to Unity via standard or custom events.
Now my two questions:
- What is your impression - would Unity Analytics be unsuitable in the scenario described above to collect age and gender within the GDPR?
- Does anything change here if age and gender are transmitted encrypted by means of RSA before sending it via Unity Analytics events?