ESO Logs consent is not GDPR Compliant. Very promising.

RANKK7

The site appears to be in breach of GDPR compliance, the consent put there (in a hurry it seems after this thread came out) is a joke, that's NOT compliant at all, just a "Got it" option.

That's a dummy consent, the "learn more" just brings the user to a cookies and you page, are you serious?




Any DGPR compliance scans give results about cookies for which the users must give consent.

• The user MUST be informed of the purposes of the cookies up front.
  
• The cookies arranged in comprehensible categories based on their purposes (can be Marketing, Preference etc..), and the user may then tick or untick the types of cookies, that one wishes to accept and reject.
  
• One may also choose to see a detailed overview of the cookies in use.
  
• The overview simply folds out of the consent banner, mapping all active cookies and presenting them in an accessible manner.
  
• At a glance, the user can now scroll through all of the cookies, see where they come from, read a description of their function and check their duration.
  
• The user can then easily accept or reject the different types of cookies.
  

These are facts and I helped my English with this text from dedicated and serious websites about GDPR and cookies, hope it's all clear, Eso Logs has nothing at present like this and the banner consent at present is not complaint at all.

There must be transparency about cookies and a detailed consent.

So yes, very promising.



BTW since we are at it, let's see in depth what is needed to be answered to be compliant when collecting data, these are the simple questions that must be answered:

1. Do any data subjects you are collecting data from, including your employees, reside in the EEA/EU?
If you are collecting data from citizens or employees that reside in EEA then GDPR applies to you, even if you are based in a country outside the EU.

2. Is your organisation aware of what personal data means under the GDPR?
The GDPR's definition of personal data is ‘any information relating to an identified or identifiable natural person’. There is, however, a wide interpretation - it could mean a nickname, an ID number, an IP address or other indirect identification.

3. Have you assessed the impact of the new definition of consent under the GDPR and how this affects your surveys?
GDPR’s revised approach means you must have clear documentation that the audience is happy for you to email them. And remember, you will need to obtain new consent from any current contacts in your database as well.

4. Do you have a process for breach notification?
There will be a duty for all organisations to report certain types of data breaches and, in some cases, inform the individuals affected by the breach as well.

5. Have you given the data subject the right to access his or her information?
Individuals must have the right to access any personal data that you store about them and this must be provided free of charge.

6. Where a data subject has asked for his or her information, is the information given in a commonly useable and machine readable format?
When asked, you must use “reasonable means” to supply the information. For example, if the request is made electronically, you should provide the information in a commonly used electronic format.

7. Does your organisation have the process of erasing the subject’s data at his/her request?
Make sure you have a process in place for when an individual asks you to delete their personal data. Would you know where to find the data, who has to give permission to delete it and what internal processes are in place to make sure that it happens?

8. Does your organisation hold and process data only if it is absolutely necessary for the completion of its duties?
GDPR will introduce the concept of ‘privacy by design' and by default to encourage organisations to consider data protection throughout the entire life cycle of any process. Organisations will need to implement internal policies and procedures to be compliant.

9. Have you trained your staff on the GDPR and how to properly handle data?
The majority of data breaches occur because of human error. To make sure staff are aware of their obligations, organisations are encouraged to implement GDPR staff awareness training and provide evidence that they understand the risks.

10. Have you considered if you need to appoint a Data Protection Officer (DPO)?
For many businesses, it will be mandatory to appoint a DPO, for instance if your core activity involves the regular monitoring of individuals on a large scale. You should consider now whether or not you need to appoint a DPO and to make sure they have the required expertise and knowledge.

Now let's see what are the fines for infringement directly from www.gdpreu.org/compliance/fines-and-penalties/

You @ZOS I'm waiting to see what are your actual plans with all this Logs thing, this may be the actual finishing blow to my love for this game. Total transparency about collecting and managing data is needed!

---

I add a TL/DR

The site that should hold our data (@ZOS would you care to tell us which ones in details and to which extend? Since not everyone is able or have the time to analyze logs and transparency is needed and this is up to you), so that site currently don't have a GDPR compliant consent for cookies and it's not promising, it's a basic thing to have.
It's something that can be added at any time and hopefully will be added.

Then there is the part about the data shared from the game but it's obscure for me and for many and I think @ZOS should come out clear and straight about this and explain how the whole data sharing/storing is going to get managed since they are providing support for this.

Idinuse

In fact it’s not cookies only. It’s about gathering data in general and or tracking an online user, not only on web sites, but any online service.

Although having your actions recorded and stored on your or someone else’s hard drive with or without consent might be considered a cookie.

Idinuse

Lol self quote...

RANKK7

Idinuse wrote: »

In fact it’s not cookies only. It’s about gathering data in general and or tracking an online user, not only on web sites, but any online service.

Although having your actions recorded and stored on your or someone else’s hard drive with or without consent might be considered a cookie.

Yes, the dummy cookies consent that is not compliant is one thing, then there is also the rest to see.

Hallothiel

As have noted on other threads about this, GDPR is a minefield at present and has not been tested / challenged in Court.

The main debate stems around whether your user name in a game can be considered personal information - GDPR speaks about ‘online indicators’ that can ‘directly or indirectly’ identify someone, which is rather vague. And do you own the right to that information, or does the game owner?

GDPR also states that consent should NOT be automatic butt that people have to opt-in - which is not the case with ESOlogs.

People have also mentioned that similar information is uploaded to CMX and Twitch streams so that should make it ok as no-one complains about that - but it may be that people have just not considered what is shared. There is some debate around Twitch streams & YouTube channels and consent of those shown.

But as I said, even though this case in in May 2018, a lot of companies have dragged their feet as it’s complicated, especially when it comes to digital rights. So there is a real need for clarification around just what is personal data in gaming.

RANKK7

Hallothiel wrote: »

As have noted on other threads about this, GDPR is a minefield at present and has not been tested / challenged in Court.

The main debate stems around whether your user name in a game can be considered personal information - GDPR speaks about ‘online indicators’ that can ‘directly or indirectly’ identify someone, which is rather vague. And do you own the right to that information, or does the game owner?

GDPR also states that consent should NOT be automatic butt that people have to opt-in - which is not the case with ESOlogs.

People have also mentioned that similar information is uploaded to CMX and Twitch streams so that should make it ok as no-one complains about that - but it may be that people have just not considered what is shared. There is some debate around Twitch streams & YouTube channels and consent of those shown.

But as I said, even though this case in in May 2018, a lot of companies have dragged their feet as it’s complicated, especially when it comes to digital rights. So there is a real need for clarification around just what is personal data in gaming.

One thing seems to be sure though, the cookies consent presented now it's NOT compliant and to be honest that's not promising at all.

That's the point. That's one thing that MUST be compliant.

Cookies must be consented and presented with a GDPR compliant consent.

Hallothiel

Just to add, imho it is best for companies to err on the side of caution with data and what they do with it. Just because they think something might be ‘useful’ or ‘helpful’ doesn’t mean they can they can just do it. They have to have a legitimate reason to share that data.

Ydrisselle

RANKK7 wrote: »

Hallothiel wrote: »

As have noted on other threads about this, GDPR is a minefield at present and has not been tested / challenged in Court.

The main debate stems around whether your user name in a game can be considered personal information - GDPR speaks about ‘online indicators’ that can ‘directly or indirectly’ identify someone, which is rather vague. And do you own the right to that information, or does the game owner?

GDPR also states that consent should NOT be automatic butt that people have to opt-in - which is not the case with ESOlogs.

People have also mentioned that similar information is uploaded to CMX and Twitch streams so that should make it ok as no-one complains about that - but it may be that people have just not considered what is shared. There is some debate around Twitch streams & YouTube channels and consent of those shown.

But as I said, even though this case in in May 2018, a lot of companies have dragged their feet as it’s complicated, especially when it comes to digital rights. So there is a real need for clarification around just what is personal data in gaming.

One thing seems to be sure though, the cookies consent presented now it's NOT compliant and to be honest that's not promising at all.

That's the point. That's one thing that MUST be compliant.

Cookies must be consented and presented with a GDPR compliant consent.

I think we should tag in the developer, @Kihra for the thread.

IzzyStardust

Also: not that I give a damn personally; but I want to know: So can any persona just search any user and DL their logs?
That's frickin' shady if so.

Yeah it appears I can just look at any player.

The mess this is gonna make when people start posting everyone's stuff to discord.

Mayrael

Lol... GDPR is about personal data - your nickname from a game doesn't count unless it's attached to your real name or at least email address. Nick of a character is not a personal data period.

FleetwoodSmack

So long as my laziness doesn't get my PvP build lifted when I'm in a raid or something, I think people should just take a step back and wait until there's more information. Make constructive criticisms. Smacking each other around isn't going to get the tool removed and it's not going to give it the support it needs to stay.

Edit; I'm not calling anyone out in the thread specifically, it's just how the other threads went down--we're better than that.

MLGProPlayer

Idinuse wrote: »

In fact it’s not cookies only. It’s about gathering data in general and or tracking an online user, not only on web sites, but any online service.

Although having your actions recorded and stored on your or someone else’s hard drive with or without consent might be considered a cookie.

Your non-personal data in an online game isn't private information. ZOS can do whatever they want with it.

Ydrisselle

Mayrael wrote: »

Lol... GDPR is about personal data - your nickname from a game doesn't count unless it's attached to your real name or at least email address. Nick of a character is not a personal data period.

If it can be tied to you it can be considered personal data I think. For example I use my main ESO toon's name across many MMOs - it can be tracked back to me fairly easily.

Idinuse

Mayrael wrote: »

Lol... GDPR is about personal data - your nickname from a game doesn't count unless it's attached to your real name or at least email address. Nick of a character is not a personal data period.

Lol you don't know anything.

Article 4(1) defines “personal data” as follows (all emphasis added unless otherwise stated):
"personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person"

No "real name" or "email" has to be associated to the identifier (even though E-mail is on the Esologs web site). If my social identity, here and in the game, Idinuse is collected by a service and stored on my or someone else's computer/hard drive and or optionally uploaded to a public space that person and/or everyone here at least knows that's me, who last I checked is a natural person. And it's also about tracking and recording actions taken on an online service. Even if I only show up as Anonymous the person that has the log knows it's me if we were the only ones fighting i.e. a World Boss.

If this work in i.e. duels, I can upload the log of me and another from our duel and i.e I know that I wrecked that "Anonymous" person big time. I know who that "Anonymous" "natural person" is and her/his "social identity/Identifier", and nothing stops me from making that public using data collected by the service provider.

And the argument that this data would not be used malignantly at all, no one in their right mind would...etc, is not valid reason for breaching privacy. It's much the same as the "honest good intentions" of web sites to provide you with adds that YOU really need and that are really RELEVANT to you -honestly it's all in good faith. Well I bet the majority of the ESO community uses ad blockers or at least in some way restrict data collection on web sites they use.

FierceSam

Just because you CAN doesn’t mean you SHOULD

At present the issue of privacy and online data is extremely messy, with law and regulation lagging way behind people’s expectations. However, it’s clear that individual players very closely associate their online IDs and character names with themselves and this should be appreciated and respected.

Irrespective of law, ZOS has a moral obligation to provide the maximum amount of privacy for their customers.

Right now this is a well intentioned project that is being very badly implemented.

DocFrost72

One thing I don't understand, supposedly this system (exactly or incredibly similar) is already in WoW and FF. It has not been legally challenged in either game, has it? Why is ESO different? Is there something special about this particular setup the others do not have?

VaranisArano

DocFrost72 wrote: »

One thing I don't understand, supposedly this system (exactly or incredibly similar) is already in WoW and FF. It has not been legally challenged in either game, has it? Why is ESO different? Is there something special about this particular setup the others do not have?

If I had to guess....

1. GDPR is relatively new, coming into effect in 2018. As some posters have mentioned, compliance hasn't been tested in court yet

2. ESO has a large portion of single player gamers, here from the TES games, some of whom are rather adverse to the data sharing that seems (or so I'm told) to be normal in other MMOs

3. Until this point, ESO's handing of add-ons that give other players access to your combat info has been to disallow directly tying your combat data to your character id. ZOS says ESO Logs is fine because its not in real time. Many players are still concerned because our consent is assumed and its a 3rd party site - neither of which has happened before in ESO. As currently implemented, ESO Logs reverses the status quo by assuming all players consent to have their character id tied to shareable, searchable public logs.

So to answer your questions:
Why now and not before? The GDPR is new.

Why ESO and not others? This is something new for ESO. It reverses the status quo on privacy of combat data. Before, no one could directly tie our combat data to our character id without our consent by posting it. With ESO Logs, every player's consent is assumed by default to share their character id in the logs, which can be shared or made public (public allows them to be searched and ranked on leaderboards.)



That being said, the above is somewhat tangential to the thread topic, which has less to do with ESO Logs itself, and more to do with their Cookies policy.

That's an even simpler answer.

Why now?
Because the GDPR is new, and the website's Cookies aren't currently in compliance with it.

NupidStoob

DocFrost72 wrote: »

One thing I don't understand, supposedly this system (exactly or incredibly similar) is already in WoW and FF. It has not been legally challenged in either game, has it? Why is ESO different? Is there something special about this particular setup the others do not have?

No it isnt different. Every game that has a competitive ladder is tracking users statistics and in most they can be reviewed on external websites. Eso leaderboards also existed for the longest time, but I guess that didn't matter to people who would never get on there anyways. If you played ESO for some time there is a high chance you have walked past a streamer or youtuber while they were recording as well. Nothing about ESO logs is a big deal, it's just ESO forum warriors blowing something completely out of proportion.

I check these threads from time to time to see what new ridiculous ideas the nay sayers are bringing to the table, but every time I feel dumber reading this. Huge waste of time honestly. There are real issues about data security out there in the world folks. If you really care so much do something about them, start by deleting all your social media and not whine about your combat logs in an online game.

VaranisArano

NupidStoob wrote: »

DocFrost72 wrote: »

One thing I don't understand, supposedly this system (exactly or incredibly similar) is already in WoW and FF. It has not been legally challenged in either game, has it? Why is ESO different? Is there something special about this particular setup the others do not have?

No it isnt different. Every game that has a competitive ladder is tracking users statistics and in most they can be reviewed on external websites. Eso leaderboards also existed for the longest time, but I guess that didn't matter to people who would never get on there anyways. If you played ESO for some time there is a high chance you have walked past a streamer or youtuber while they were recording as well. Nothing about ESO logs is a big deal, it's just ESO forum warriors blowing something completely out of proportion.

I check these threads from time to time to see what new ridiculous ideas the nay sayers are bringing to the table, but every time I feel dumber reading this. Huge waste of time honestly. There are real issues about data security out there in the world folks. If you really care so much do something about them, start by deleting all your social media and not whine about your combat logs in an online game.

A. This thread is about one of those real world issues of data security...cookies on websites, and how the GDPR requires websites to be upfront and allow users to consent to their use.

And how the ESO Logs site currently isnt conpliant when it comes to their Cookies.

B. I confess I don't understand the logic of the argument that goes like: "if you aren't concerned with ALL data security issues EVER, you can't possibly be concerned with how THIS data security issues might impact your gaming experience in ESO."

I don't feel the need to demonstrate the depth of my concern about data usage on Facebook, Google, social media, etc to your satisfaction before I can talk about my concerns about how ESO Logs assumes our consent to publicly share our character ids, or in the case of this thread's topic, any concerns that the ESO Logs site is serving EU players without being compliant with their law regarding things like Cookies.

Mayrael

Idinuse wrote: »

Mayrael wrote: »

Lol... GDPR is about personal data - your nickname from a game doesn't count unless it's attached to your real name or at least email address. Nick of a character is not a personal data period.

Lol you don't know anything.

Article 4(1) defines “personal data” as follows (all emphasis added unless otherwise stated):
"personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person"

No "real name" or "email" has to be associated to the identifier (even though E-mail is on the Esologs web site). If my social identity, here and in the game, Idinuse is collected by a service and stored on my or someone else's computer/hard drive and or optionally uploaded to a public space that person and/or everyone here at least knows that's me, who last I checked is a natural person. And it's also about tracking and recording actions taken on an online service. Even if I only show up as Anonymous the person that has the log knows it's me if we were the only ones fighting i.e. a World Boss.

If this work in i.e. duels, I can upload the log of me and another from our duel and i.e I know that I wrecked that "Anonymous" person big time. I know who that "Anonymous" "natural person" is and her/his "social identity/Identifier", and nothing stops me from making that public using data collected by the service provider.

And the argument that this data would not be used malignantly at all, no one in their right mind would...etc, is not valid reason for breaching privacy. It's much the same as the "honest good intentions" of web sites to provide you with adds that YOU really need and that are really RELEVANT to you -honestly it's all in good faith. Well I bet the majority of the ESO community uses ad blockers or at least in some way restrict data collection on web sites they use.

What you miss mate is the identification part, to be considered as a personal data collection it has to contain reference to data allowing to identify you. Nick name on it's own is not a personal data because there may be 1000 people who used nick Mayrael, there is no way to connect this nick with my person. But when there would be at least my mail attached to this nickname situation is different. I have talked about it with our law team in our company mate.

Idinuse

VaranisArano wrote: »

DocFrost72 wrote: »

One thing I don't understand, supposedly this system (exactly or incredibly similar) is already in WoW and FF. It has not been legally challenged in either game, has it? Why is ESO different? Is there something special about this particular setup the others do not have?

If I had to guess....

1. GDPR is relatively new, coming into effect in 2018. As some posters have mentioned, compliance hasn't been tested in court yet

2. ESO has a large portion of single player gamers, here from the TES games, some of whom are rather adverse to the data sharing that seems (or so I'm told) to be normal in other MMOs

3. Until this point, ESO's handing of add-ons that give other players access to your combat info has been to disallow directly tying your combat data to your character id. ZOS says ESO Logs is fine because its not in real time. Many players are still concerned because our consent is assumed and its a 3rd party site - neither of which has happened before in ESO. As currently implemented, ESO Logs reverses the status quo by assuming all players consent to have their character id tied to shareable, searchable public logs.

So to answer your questions:
Why now and not before? The GDPR is new.

Why ESO and not others? This is something new for ESO. It reverses the status quo on privacy of combat data. Before, no one could directly tie our combat data to our character id without our consent by posting it. With ESO Logs, every player's consent is assumed by default to share their character id in the logs, which can be shared or made public (public allows them to be searched and ranked on leaderboards.)



That being said, the above is somewhat tangential to the thread topic, which has less to do with ESO Logs itself, and more to do with their Cookies policy.

That's an even simpler answer.

Why now?
Because the GDPR is new, and the website's Cookies aren't currently in compliance with it.

Indeed. Also do I even have to be an ESO customer or even have a game account to register on the Esologs website and brows the content?

anitajoneb17_ESO

Mayrael wrote: »

What you miss mate is the identification part, to be considered as a personal data collection it has to contain reference to data allowing to identify you. Nick name on it's own is not a personal data because there may be 1000 people who used nick Mayrael, there is no way to connect this nick with my person. But when there would be at least my mail attached to this nickname situation is different. I have talked about it with our law team in our company mate.

I hope you realize that this argument is pretty much just as valid as "I discussed it with my grandmother".

EU laws consider pseudonym different from anonym, and a nickname is considered private data, whether you like it or not.

Besides, not everything has to be legal or illegal. Some things are just morally ok or not ok. If I'd, for instance, change my forum name into @slashlurk , it probably would not be illegal and it probably wouldn't mean anything to anyone not familiar with the ESO community. It wouldn't, still, be a very nice move, and a moderator would probably kindly require from me to change it, and rightfully so.

The fact is, ESO setting should defaut to "anonymous" when logging events, and the esologs site should make it much clearer what they do and don't do with the info they collect, and explicitly require educated consent. That's all there is to it and it wouldn't hurt anyone.

tgrippa

Where are all these fake lawyers coming from? I have a law degree as part of my undergraduate studies so take my non-serious sub-par non-professional legal view:

There is absolutely nothing there that can identify you as a person. YOUR GAMER TAG IS NOT YOUR LEGAL NAME. The data being collected cannot be used to identify yourself as a person. If you use your legal name as a gamer tag then that is on you, as reasonableness is a legal consideration that will come into play and it is not reasonable to blame ZOS for your own choice. You also have the option to change your gamer tag if you are worried about being identified, but I guess you are not if you are using your real name as a gamer tag.

There is nothing here that indicates any breach of data protection.

Please stop trying to find excuses to hide your fight data from other players. I can already tell who is performing well and who is being carried, and you know what, I don’t care, it is just a game.

You all have real lives where GDPR rules actually apply to your RL identities. Please go take a walk in the park and relax, and stop trying to ruin a tool that many people are looking forward to.

People these days, jeez.

Idinuse

Mayrael wrote: »

Idinuse wrote: »

Mayrael wrote: »

Lol... GDPR is about personal data - your nickname from a game doesn't count unless it's attached to your real name or at least email address. Nick of a character is not a personal data period.

Lol you don't know anything.

Article 4(1) defines “personal data” as follows (all emphasis added unless otherwise stated):
"personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person"

No "real name" or "email" has to be associated to the identifier (even though E-mail is on the Esologs web site). If my social identity, here and in the game, Idinuse is collected by a service and stored on my or someone else's computer/hard drive and or optionally uploaded to a public space that person and/or everyone here at least knows that's me, who last I checked is a natural person. And it's also about tracking and recording actions taken on an online service. Even if I only show up as Anonymous the person that has the log knows it's me if we were the only ones fighting i.e. a World Boss.

If this work in i.e. duels, I can upload the log of me and another from our duel and i.e I know that I wrecked that "Anonymous" person big time. I know who that "Anonymous" "natural person" is and her/his "social identity/Identifier", and nothing stops me from making that public using data collected by the service provider.

And the argument that this data would not be used malignantly at all, no one in their right mind would...etc, is not valid reason for breaching privacy. It's much the same as the "honest good intentions" of web sites to provide you with adds that YOU really need and that are really RELEVANT to you -honestly it's all in good faith. Well I bet the majority of the ESO community uses ad blockers or at least in some way restrict data collection on web sites they use.

What you miss mate is the identification part, to be considered as a personal data collection it has to contain reference to data allowing to identify you. Nick name on it's own is not a personal data because there may be 1000 people who used nick Mayrael, there is no way to connect this nick with my person. But when there would be at least my mail attached to this nickname situation is different. I have talked about it with our law team in our company mate.

Lol, there is only one @Idinuse in this game, I'm sorry but you are scraping at the bottom of the barrel "mate". It explicitly states black on white what is considered an identifier, and your real name and E-mail has nothing exclusively to do with it. It's enough that it points to a "natural person". But hey I suggest you file a complaint about section 4(1) to the EU commission if you want it to be exclusively tied to a person's real name or E-mail.

If you seriously mean that if I create Misstress Ewona as a FaceBook profile, using a burner e-mail account, because I want to be Anonymous on my cheerful FB profile, that FBs privacy clauses and any privacy law do not apply to that account you're delusional.

I know, RL life sucks, wishful dreaming FTW.

MartiniDaniels

Your game is info is open to add-ons of other players already, and you are not complaining. Why complain now?

anitajoneb17_ESO

MartiniDaniels wrote: »

Your game is info is open to add-ons of other players already, and you are not complaining. Why complain now?

Upload and storage onto a 3rd party site with search functionality.

MartiniDaniels

anitajoneb17_ESO wrote: »

MartiniDaniels wrote: »

Your game is info is open to add-ons of other players already, and you are not complaining. Why complain now?

Upload and storage onto a 3rd party site with search functionality.

There are hundreds of similar sites for different online games, where you just need to enter @userid and got information on his "statistics". They were never objects of legal cases or anything, it's like nobody cared before that gaming info is stored somewhere and others may look into it.
I mean look at Starcraft or Overwatch, those are public cyber-sport games and yet all info is online, even available with graphs, trends, list of latest plays etc.. i doubt that Blizzard may overlook something that may backlash them from law side.

witchdoctor

VaranisArano wrote: »

A. This thread is about one of those real world issues of data security...cookies on websites, and how the GDPR requires websites to be upfront and allow users to consent to their use.

And how, people withhout a law degree, or actual speciality in the subject matter itself, are concluding the ESO Logs site currently isnt conpliant when it comes to their Cookies.

Not singling you out Varanis, just adding why I think these threads are silly.

Identifying why one might be concerned? I get that.

Trying to assert something is, or is not, against the GDPR, as fact? Silly.

NupidStoob

VaranisArano wrote: »

NupidStoob wrote: »

DocFrost72 wrote: »

One thing I don't understand, supposedly this system (exactly or incredibly similar) is already in WoW and FF. It has not been legally challenged in either game, has it? Why is ESO different? Is there something special about this particular setup the others do not have?

No it isnt different. Every game that has a competitive ladder is tracking users statistics and in most they can be reviewed on external websites. Eso leaderboards also existed for the longest time, but I guess that didn't matter to people who would never get on there anyways. If you played ESO for some time there is a high chance you have walked past a streamer or youtuber while they were recording as well. Nothing about ESO logs is a big deal, it's just ESO forum warriors blowing something completely out of proportion.

I check these threads from time to time to see what new ridiculous ideas the nay sayers are bringing to the table, but every time I feel dumber reading this. Huge waste of time honestly. There are real issues about data security out there in the world folks. If you really care so much do something about them, start by deleting all your social media and not whine about your combat logs in an online game.

A. This thread is about one of those real world issues of data security...cookies on websites, and how the GDPR requires websites to be upfront and allow users to consent to their use.

And how the ESO Logs site currently isnt conpliant when it comes to their Cookies.

B. I confess I don't understand the logic of the argument that goes like: "if you aren't concerned with ALL data security issues EVER, you can't possibly be concerned with how THIS data security issues might impact your gaming experience in ESO."

I don't feel the need to demonstrate the depth of my concern about data usage on Facebook, Google, social media, etc to your satisfaction before I can talk about my concerns about how ESO Logs assumes our consent to publicly share our character ids, or in the case of this thread's topic, any concerns that the ESO Logs site is serving EU players without being compliant with their law regarding things like Cookies.

A. Let's not pretend like we don't know what it's really about. It's just a front.

B. Like I said, there are real issues and non real issues. Nothing about your combat log could be considered sensitive data whatsoever. It won't ever affect your real life in any way. All the data willingly shared by people is usually way more sensitive. The stuff people write on the forums alone is more sensitive. If someone could connect their forum account to their real identity it could have disastrous real life consequences depending on the kind of opinions they shared. But on the other side nobody would care about anyone's combat logs in the real world. I can safely assume that 99.9% of the people who are being outraged by this have or are sharing more implicating data about themselves voluntarily. I find that hypocritical.

"Negative impact on their gaming experience": There is none. You will still not play with people you dislike. If you dislike people that use these logs then you simply don't play with them and the problem has been solved. If you want to join a guild that have these logs as requirements they will also already require CMX so nothing there changes. If you're worried about your data from random dungeons floating around because other people upload them you can just turn it off and it won't affect you either. They can search your name on the website but find nothing as the website doesn't do the extrapolation people are scared about. If you are worried about being judged real time in dungeons/trials, well CMX already exists and there is not even a need for it as anyone can look at the boss HP and take a stopwatch to calculate DPS. I just need to know how much DPS I usually do which I can also easily calculate myself and I can see how much % group DPS I approximately do.

In the end people simply don't want that it's by default on and honestly I don't care less if ZoS decides to do that or not. People could just make threads simply asking for it to be turned off, but instead we have all these massively blown out of proportion fearmongering threads, spreading misinformation and so on. Sorry if my tone is a bit aggressive, but this is frankly quite annoying.

Trinity_Is_My_Name

IzzyStardust wrote: »

Also: not that I give a damn personally; but I want to know: So can any persona just search any user and DL their logs?
That's frickin' shady if so.

Yeah it appears I can just look at any player.

The mess this is gonna make when people start posting everyone's stuff to discord.

You can make it a private upload but if others do not then yes, anyone apparently can see it.

Suddwrath

Apparently I missed the memo where everyone and their grandma got their law degree back in 2018.