French game publisher Ubisoft forces users to connect to the internet, and can’t explain why the connection is mandatory for single-player games, noyb, an influential European privacy lobby group, has said.
Privacy advocates at noyb filed a complaint against Ubisoft, the French game publisher known for major titles such as Assassin's Creed, Prince of Persia, and Far Cry. Noyb is known for its successful litigation against American companies such as Apple, Alphabet, the parent firm of Google, and Meta.
In its most recent complaint, noyb claims that Ubisoft forces users to connect to the internet and log in to a Ubisoft account even when they play in single-player mode without interacting with other players.
“Imagine if the Monopoly man sat at your table and took notes every time you wanted to play a board game with your family or friends. Well, that’s the reality of video games,“ Joakim Söderberg, data protection lawyer at noyb, said.
Meanwhile, Ubisoft says players must connect to its online service only once, with the games fully operational offline after that.
“Ubisoft is committed to protecting players personal data on our websites and games. A connection is only mandatory at the first launch of the game to validate the purchase and add the game to the player's account. After that, our single-player games can be played offline if the player chooses to do so. While playing online, the data we collect is used to improve the performance of the game. Players can control their personal data via our Privacy Center,” the company's representative told Cybernews.
Meanwhile, according to the advocacy group, while Ubisoft says it only collects basic essentials, such as when the game was launched, how long it was active, and when users quit, the reality is much different. The complainant, on whose behalf noyb filed the complaint, examined what data was being sent to Ubisoft, discovering that the game had established a connection to external servers 150 times, with Google and Amazon among the data recipients.
Attempts to find out why the game publisher needs users to be online revealed that the company collects personal data, utilizes third-party tools, and collects login and browsing data. The key issue here is that, according to noyb, Ubisoft didn‘t ask users‘ permission to collect this type of data, which is a problem according to the EU‘s strict GDPR privacy law.
“Video games are expensive – but that doesn’t stop companies like Ubisoft from forcing their customers to play offline games online unnecessarily, just so they can make more money by tracking their behaviour,” Söderberg said.
The complaint requires the Austrian data protection authority (DSB) to declare that Ubisoft collects user data without a valid purpose. Additionally, Ubisoft is required to delete all personal data it collected without a valid basis. And the cherry on top – a request to fine Ubisoft €92 million ($105 million).
Ubisoft is a major game publisher with nearly 20,000 employees on five continents and yearly revenues exceeding $2.5 billion.
Updated on April 25th [11:55 a.m. GMT] with a statement from Ubisoft.
Your email address will not be published. Required fields are markedmarked