Take-2-Interactive's new EULA

Status
Not open for further replies.
MP | Moongazer

MP | Moongazer

Chieftain
Joined
Apr 18, 2018
Messages
68
Apparently the EULA from T2I pissed off a lot of gamers, including great franchises like Civilizations (Spyware, as far as I can see).
Qouted from the EULA:
"By installing and using the Software, you consent to the information collection and usage terms set forth in this section and Licensor's Privacy Policy, including (where applicable) (i) the transfer of any personal information and other information to Licensor, its affiliates, vendors, and business partners, and to certain other third parties, such as governmental authorities, in the U.S. and other countries located outside Europe or your home country, including countries that may have lower standards of privacy protection; (ii) the public display of your data, such as identification of your user-created content or displaying your scores, ranking, achievements, and other gameplay data on websites and other platforms; (iii) the sharing of your gameplay data with hardware manufacturers, platform hosts, and Licensor's marketing partners; and (iv) other uses and disclosures of your personal information or other information as specified in the above-referenced Privacy Policy, as amended from time to time. If you do not want your information used or shared in this manner, then you should not use the Software."

"The information we collect may include personal information such as your first and/or last name, e-mail address, phone number, photo, mailing address, geolocation, or payment information. In addition, we may collect your age, gender, date of birth, zip code, hardware configuration, console ID, software products played, survey data, purchases, IP address and the systems you have played on. We may combine the information with your personal information and across other computers or devices that you may use."

Any thoughts Civs players?
Edit: sorry for the misleading title but this EULA is not new. It had existed before the new GDPR law came into force recently (I think).
 
Last edited:
I honestly could not care less. But then I don't care about that form of privacy. And it's not as though other things haven't already taken my data anyhow.
 
What's in it that's a problem? Can't form an opinion without knowing that...
 
EULA:
"By installing and using the Software, you consent to the information collection and usage terms set forth in this section and Licensor's Privacy Policy, including (where applicable) (i) the transfer of any personal information and other information to Licensor, its affiliates, vendors, and business partners, and to certain other third parties, such as governmental authorities, in the U.S. and other countries located outside Europe or your home country, including countries that may have lower standards of privacy protection; (ii) the public display of your data, such as identification of your user-created content or displaying your scores, ranking, achievements, and other gameplay data on websites and other platforms; (iii) the sharing of your gameplay data with hardware manufacturers, platform hosts, and Licensor's marketing partners; and (iv) other uses and disclosures of your personal information or other information as specified in the above-referenced Privacy Policy, as amended from time to time. If you do not want your information used or shared in this manner, then you should not use the Software."

"The information we collect may include personal information such as your first and/or last name, e-mail address, phone number, photo, mailing address, geolocation, or payment information. In addition, we may collect your age, gender, date of birth, zip code, hardware configuration, console ID, software products played, survey data, purchases, IP address and the systems you have played on. We may combine the information with your personal information and across other computers or devices that you may use."

This is in a single player game like Civ.
Taken from Steam review.

Same situation with another great game which also a favorite game of mine - Kerbal Space Program.
I have not ever seen such unique games in the gaming industry like Civs and KSP for a long time, and now they suffered the same problem with other mainstream medias.
 
Last edited by a moderator:
I don't think that anything changed, actually. They did it like this before - getting any info they can and giving/selling it to whoever they like. What's new is the law in the EU that doesn't allow it anymore. However, if you explicitly agree (like you do with this EULA), they can still do it.
 
Siptah said:
I don't think that anything changed, actually. They did it like this before - getting any info they can and giving/selling it to whoever they like. What's new is the law in the EU that doesn't allow it anymore. However, if you explicitly agree (like you do with this EULA), they can still do it.
Click to expand...
The EU law says they can't hide what they are doing with your data in 20 pages of text that nobody ever reads, they have to state it clearly, and that is what they are doing. The data collection they are doing is ofcourse nothing new.
 
Those terms are in fact a breach of the new European General Data Protection Regulation (GDPR) which entered into force on 25th May, and if such policies were to be applied to European users, T2I would be subject to administrative fines up to 4% of their global turnover. If you're European, your data may generally only be used based on your explicit consent (which may only be given if you have been transparently, explicitly and separately informed about the scope of data collection, its administrator etc. - hiding the relevant terms in the general Terms of Use is not allowed) or when the use of data is necessary for the performance of the contract (which in this case it is not). And I'm saying this as a lawyer dealing with data protection, among other things.
 
Chefofrats said:
Those terms are in fact a breach of the new European General Data Protection Regulation (GDPR) which entered into force on 25th May, and if such policies were to be applied to European users, T2I would be subject to administrative fines up to 4% of their global turnover. If you're European, your data may generally only be used based on your explicit consent (which may only be given if you have been transparently, explicitly and separately informed about the scope of data collection, its administrator etc. - hiding the relevant terms in the general Terms of Use is not allowed) or when the use of data is necessary for the performance of the contract (which in this case it is not). And I'm saying this as a lawyer dealing with data protection, among other things.
Click to expand...

But is it possible to play the game without giving explicit consent? Because if it isn't it doesn't matter much; the only way to continue playing Civ 6 is by allowing them to (bolded mine) "the transfer of any personal information and other information to Licensor, its affiliates, vendors, and business partners, and to certain other third parties, such as governmental authorities, in the U.S. and other countries located outside Europe or your home country, including countries that may have lower standards of privacy protection", while they can keep going. That basically makes the law useless; there should be a way to not give consent (unless they can give me even a single good reason why they need this for me to play the game) and still play.
 
Chefofrats said:
Those terms are in fact a breach of the new European General Data Protection Regulation (GDPR) which entered into force on 25th May, and if such policies were to be applied to European users, T2I would be subject to administrative fines up to 4% of their global turnover. If you're European, your data may generally only be used based on your explicit consent (which may only be given if you have been transparently, explicitly and separately informed about the scope of data collection, its administrator etc. - hiding the relevant terms in the general Terms of Use is not allowed) or when the use of data is necessary for the performance of the contract (which in this case it is not). And I'm saying this as a lawyer dealing with data protection, among other things.
Click to expand...
If you really are a lawyer then you should know that consent and contract are only two of the possible legal basis for collecting and keeping data, you should also be aware that categorical stances like "those terms are a breach" are hard to make at this time - how the law is interpreted by the Courts and administered by Governments will shape what is and isn't a breach in reality over the next 10 years or so.

Leyrann said:
That basically makes the law useless; there should be a way to not give consent (unless they can give me even a single good reason why they need this for me to play the game) and still play.
Click to expand...
The laws not useless but it's also not dictating to companies - they have to make clear if you want to use their products what the implications are, it's then up to you to decide if the game is worth it.
 
Last edited by a moderator:
But why suddenly did T2I come up with this idea? Data protection is a very controversial topic, yet T2I went straight out and say "hey, we are selling you a very awesome sequel for an excellent franchise but this time it is a spyware. Buy it or GTFO".
 
Chefofrats said:
Those terms are in fact a breach of the new European General Data Protection Regulation (GDPR) which entered into force on 25th May.
Click to expand...

Exactly.

Also 2K would not be allowed to sell our (UK & EU customers) personal info to any third party. And no, agreeing to their EULA doesn't count as consent. Were 2K lawyers completely oblivious to the GDPR? :rolleyes:

Now any of this legion of pissed off gamers can report 2K to the EU ombudsman.
 
It’s interesting, despite having received a million GDPR emails over the last few weeks, I don’t recall seeing much from games platforms: Steam and Paradox, yes; Origin and Battle.net no...
 
The contract may not make the service conditional upon your surrendering your personal data which is not essential to the service itself - in this case, the game. It must be possible to refuse consent to excessive data collection, otherwise the consent is not considered to be given freely and thus GDPR rules are breached.
 
Chefofrats said:
t must be possible to refuse consent to excessive data collection, otherwise the consent is not considered to be given freely and thus GDPR rules are breached.
Click to expand...
Going to be lots of cases before this is all nailed down, lots of different interpretations about excessive I'm sure!
 
Here is an interesting fact: The GDPR applies to all EU citizens regardless of location, so a Brit in the US is still covered. How the EU is gonna enforce that remains to be seen.

On another point just changing the T&C's don't make it so, I would have to explicitly agree to having my data transferred to third parties, apart from a few exceptions, like law enforcement.

The GDPR is like the damn cookie law, good intentions but actually badly written and confusing for smaller companies, whilst the real criminals just ignore it.

A
 
Noble Zarkon said:
If you really are a lawyer then you should know that consent and contract are only two of the possible legal basis for collecting and keeping data, you should also be aware that categorical stances like "those terms are a breach" are hard to make at this time - how the law is interpreted by the Courts and administered by Governments will shape what is and isn't a breach in reality over the next 10 years or so.
Click to expand...

Of course I simplified it a bit, for clarity. This is not a peer-reviewed paper but a forum for non-lawyers. Other grounds for data collection than consent and contract (Article 6.1.a and 6.1.b of GDPR) do not really apply in this case, except the grounds mentioned in Article 6.1.f, relating to the legitimate interests pursued by the controller - this would mostly apply to T2I's own marketing. Of course categorical stances are hard to make, but some things really are obvious even at this stage and who should comment on that if not people like me, who publish on the subject?
 
Chefofrats said:
Article 6.1.f, relating to the legitimate interests pursued by the controller - this would mostly apply to T2I's own marketing. Of course categorical stances are hard to make, but some things really are obvious even at this stage and who should comment on that if not people like me, who publish on the subject?
Click to expand...
Understand you were simplifying, just didn't want people being misled. I was thinking that "legitimate interests" might include anti-cheating measures and might allow a measure of latitude in what data is collected, in a similar way in which insurance companies don't need your consent for their anti-fraud measures.
 
Noble Zarkon said:
Understand you were simplifying, just didn't want people being misled. I was thinking that "legitimate interests" might include anti-cheating measures and might allow a measure of latitude in what data is collected, in a similar way in which insurance companies don't need your consent for their anti-fraud measures.
Click to expand...

That is a reasonable interpretation, however the Terms quoted above by the OP go much further than that, and they only let you refrain from using the software if you do not agree to the "privacy policy", which is painfully against GDPR rules. It really is a no-privacy policy, which is exactly what GDPR seeks to prevent. Excessive and coercive data processing was what led to GDPR being legislated in the first place.

Also, Flaxton above is right in saying that GDPR is not well written and that it creates problems for small businesses who cannot afford legal services. That is beyond the point here though - whatever you think of it, GDPR is here and unless it is changed or repealed, everybody has to live with it.
 
While in the UK I work for a US company that forced everyone to get AMEX cards.
I went to HR on data protection grounds as AMEX has always had such rules clearly in place in the T&C and the response was simple, we cannot change AMEX but you have a right not to use such a card.
The interesting thing about GDPR is the excessively high penalty for breach in combination with difficulty in enforcement will make this a lawyers heaven.
As I understand it, this has come about not because of your address or name but because ML has become so pervasive in the background. It is the text in forums like facebook and here that are the most valuable data to be mined.
Feel free to stop playing but do not think for a moment that you are safe in any shape form or manner if you have been online. I was talking to an HR analyst from a V large computer company who says they can perform a job interview just from peoples facebook pages nowadays, that the assessment of worth is then saved and shared and unless you are an angel you are doomed to have black marks through your name, at least in the first 5 years. The reality is a lot scarier than a little warning that they know what car you drive.
 
Last edited:
Status
Not open for further replies.

Similar threads

The_J
PCGamer: A new physics paper suggests that we may all be living in the ultimate 4X strategy game after all
Replies
15
Views
2K
Bibor
Bibor
S
Is there a mod for removing artifacts and shipwrecks?
Replies
4
Views
651
Canadian Bluebeer
Canadian Bluebeer
King Phaedron
Castaway - The Lonely Ocean Locked Alien Bio Dome Map
Replies
2
Views
523
King Phaedron
King Phaedron
Dhoomstriker
Congress, Stop Supporting Censorship! KOSA Threatens Free Speech in the US
2
Replies
23
Views
2K
Dhoomstriker
Dhoomstriker
Thorvald of Lym
Photobucket: The Final Insult
2
Replies
22
Views
3K
Patine
Patine
Back
Top Bottom