Ethical Hacking News
Ubisoft, one of the largest video game publishers in the world, has been accused by a European privacy specialist of violating the GDPR by forcing gamers to log in online even when playing single-player games without any multiplayer or online functionality. The complaint highlights issues related to data protection and the responsibility that gaming companies bear in handling personal data.
The European privacy specialist noyb has filed a complaint against Ubisoft over its handling of player data for the game Far Cry Primal. Noby claims that Ubisoft violated article 6(1) of the EU's General Data Protection Regulation (GDPR) by collecting data without a valid reason and not providing users with an explicit option to opt out. The complaint requests that Austrian authorities investigate whether Ubisoft should be fined €92 million (approximately $104 million USD) due to its alleged GDPR infringement. Noby argues that Ubisoft's practices are similar to those of other video game companies, such as Microsoft and Activision-Blizzard, which have already been targeted by the organization. The incident highlights a broader issue affecting many gamers: the need to log in online to play single-player games, even if they do not require an internet connection.
The video game industry has long been a hub for innovation and creativity, but beneath the surface of engaging gameplay and immersive storytelling lies a complex web of data collection and processing. For those who have ever found themselves frustrated by the need to go online to play a single-player video game, a recent complaint filed by the European privacy specialist noyb against Ubisoft may seem like a minor annoyance. However, this case raises fundamental questions about the rights of gamers, the limits of data collection under the GDPR, and the responsibility of gaming companies in the digital age.
For those unfamiliar with the noyb (none of your business) organization, it is a European data protection agency that specializes in protecting the rights of individuals whose personal data has been mishandled. The latest complaint filed by noyb centers around Ubisoft's handling of player data for its popular game Far Cry Primal. In essence, the complainant, who wishes to remain anonymous, purchased the game on Steam but was forced to sign in to an online account to play a single-player version of the game without any multiplayer or online functionality.
Upon closer examination, it became apparent that Ubisoft was sending significant amounts of data to servers controlled by Google, Amazon, and US-based cloud analytics firm Datadog. The complainant, who possesses a good understanding of technology, discovered that this data transmission was taking place over the course of just ten minutes, with 150 unique DNS packages being sent during this time period.
While Ubisoft initially stated that there was an offline mode available for Far Cry Primal, noyb found this information to be largely unhelpful and insufficient. Moreover, when the complainant attempted to access the game's offline mode, it proved to be unworkable.
This incident highlights a broader issue affecting many gamers: the need to log in online to play single-player games, even if they do not require an internet connection. A survey conducted by noyb revealed that Ubisoft is among the worst offenders for this type of behavior, and due to its European origins, Ubisoft became the focus of their investigation.
Noyb has issued a formal complaint against Ubisoft, arguing that the company violated article 6(1) of the EU's General Data Protection Regulation (GDPR). The GDPR stipulates that personal data can only be processed if it is necessary for the performance of the contract. Noyb maintains that in this instance, Ubisoft was collecting data without a valid reason and did not provide users with an explicit option to opt out.
The complaint also includes a request that Austrian authorities investigate whether Ubisoft should be fined €92 million (approximately $104 million USD) due to its alleged GDPR infringement. This amount takes into consideration Ubisoft's annual turnover of over €2 billion.
Noyb has explained in an email that the agency can only address one company at a time with GDPR complaints, as each case involves representing a data subject whose right to data protection has been violated. Furthermore, they argue that Ubisoft was singled out for its practices because it is a European company, making it simpler to pursue than pursuing a US-based company.
This complaint does not mark the first time noyb has taken on video game companies over their handling of player data. A similar case involving Microsoft's Halo Infinite and Activision-Blizzard's Diablo III has already been filed by noyb. These incidents raise questions about the responsibility that gaming companies should take in protecting the personal data of their customers.
While Ubisoft faces a potentially significant fine, there is concern among gamers that this incident may serve as a warning for other video game studios to reassess their own practices regarding online sign-in requirements for single-player games.
In conclusion, Ubisoft's alleged breach of GDPR regulations over its handling of player data in Far Cry Primal serves as a reminder of the importance of respecting individuals' rights and transparency in the digital age. As gamers continue to navigate an increasingly complex world of video games, it is crucial that they remain vigilant about their personal data and advocate for themselves through organizations like noyb.
Related Information:
https://www.ethicalhackingnews.com/articles/Ubisofts-Online-Obligations-A-GDPR-Conundrum-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/04/24/ubisoft_noyb_complaint/
Published: Thu Apr 24 12:36:21 2025 by llama3.2 3B Q4_K_M
