The Weekly Raid: Do You Support The EU General Data Protection Regulation (GDPR)

The European Union passed a set regulations back in April 2016 called the General Data Protection Regulation, or GDPR for short. While that was over two years ago, the actual enforcement of the new regulations only come into effect starting on May 25, 2018.

Broadly speaking, the goal of the GDPR is "to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy." What this means in practice is that all companies serving EU citizens must now comply with a specific set of instructions on how to collect data on individuals, how to allow individuals to opt-out, and inform individuals on how their data is being used. Failure to comply with the new regulations means facing stiff penalties: up to €20 million Euros or 4% of annual global turnover (which ever is higher.)

The EU provide an official FAQ with some of the key changes of the new regulation. One that I found instructive was on Consent:

The conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.​

Other issues covered is the 'Right to be Forgotten' aka Data Erasure. This means EU citizens can request that companies storing their data delete that data. Failure on the part of companies to comply would put them in breach of the GDPR. Some of the new regulations are a bit more onerous and contentious, for example the requirement that (large) companies hire Data Protection Officers to oversee customer data protection initiatives and compliance.

While these regulations are aimed at the broader internet and technology sector, gaming has been equally effected. WarpPortal, the publishers behind Ragnarok Online and several other titles, has decided to pull out of the EU region entirely. Some studios have made even more draconian decides due to the upcoming enforcement deadline. Super Monday Night Combat is closing globally, despite remaining online for years with a double-digit plaeyrbase prior to the new law. We're likely to see several more MMOs & MMORPGs shut down due to the new law, especially older games whose developers/publishers cant afford to make the changes required to comply with the GDPR.

We have 3 weeks to go until the GDPR comes into full effect, in the mean time we'd like to know whether you support these new data regulations or if you think they'll be a net-negative. Before you decide, you may want to read the GDPR Key Changes page!

Lifelong gamer always looking for the next virtual adventure. I'm still waiting for the next big MMORPG. Until then, you can find me hopping between multiple games.

  • Feto

    Sucks to be in the EU, they are probably gonna be IP banned from a lot of small company's apps, services or games because of the extra costs added and the probable fines.

    For games the "Right to be forgotten" seems especially weird. You may delete your banned account/mail and make a new one using the same mail and even make the same character.

    • TianlanSha

      While some small companies may block the EU, it's the EU, a market as big, if not bigger than NA, so I doubt companies will want to pass on it.

      • Feto

        Yes, the market is big enough for most situations, but it doesn't look good for games in particular. I don't think that many games have an exclusive EU server nowadays, most of them merge with the NA server.

  • ivan_

    Less legalese is always good. More importantly, this seems like a consumer-first law, which is always better than the alternative.