ESO Logs consent is not GDPR Compliant. Very promising.

  • VaranisArano
    You should elect to put blinds up. Try again.

    This is exactly what we're asking for. A complete opt-out option - or at the very least, the "anonymous" status to be the default status.



    Perfect, you can choose to be anonymous! Glad we've worked that out.

    That works for every player who knows where the box is to check it to become anonymous, so that their character ID isn't attached to someone else's log.

    Being anonymous isn't the default, which means there's a pretty good chance that plenty of new and returning players won't know they have to check the box if they want to be anonymous.

    Most analogies break down when pushed hard enough, so I'mma steer clear of the blinds/windows analogy. Especially since everyone presumably knows it's possible to shut your blinds if you want privacy.

    Honestly, it's not ZOS' responsibility to inform new and existing players of every facet of the game. They have announced the tool, posted many resources as reference, and even mentioned it on live streams. Ignorance is not a valid reason, all the information is readily available. In this regard, possibly mentioning it as a loading screen tip, or maybe for a time period as you scroll through the announcements when first logging in would resolve an issue of ignorance.

    I think that's insufficient for an issue that's going to keep coming up, again and again, for new and returning players. Especially since presumably there will still be new and returning players well after Elsweyr and the ESO Log is not new content, and well after your proposed time period (though I like the idea of the announcement).

    A year from now, hopefully ESO is still getting new players, plenty of whom will have no idea that ESO Logs is a thing or that they might want to set themselves to anonymous.

    I'm looking for ZOS to be proactive for once.

    Anonymous is the most private option available, so it should be the default.

    I'd like to ask, Do you have any reason why Anonymous shouldn't be the default?
  • Jeremy
    Jeremy wrote: »
    Hallothiel wrote: »
    @Alinhbo_Tyaka

    But the EU server is based in the, er, EU.

    Esologs website is not hosted in the EU and is owned by an LLC located in Texas based on the records I can find. The ESO game has servers in the EU and it is the game that sends the information to esologs. This is why I have said it does not matter whether the esologs.com website complies or does not comply with GDPR as they are not in the EU. The only recourse is through ZOS not sending the information without permission to a non-compliant website since they do business and have servers located in the EU.

    This shouldn't matter because the responsibility of the GDPR falls squarely on the collectors and controllers of the personal data themselves - which in this case would be ZoS because they are the ones collecting this data and making it available to 3rd party websites. The GDPR is pretty specific here and states clearly these protections still apply even if the data is being shared with 3rd parties outside of the EEA (European Economic Area).

    You're right that the legal recourse would be through ZoS. But I don't really see how that affects the overall debate.

    It affects the debate because too many of the posts keep going back to the esologs website being non-compliant when the fact is it doesn't have to be compliant and it is not the party that needs to be taken to task. Instead the posts need to be explicit in it is ZOS who is responsible for ensuring the game hosted on EU based servers is GDPR compliant.

    I don't know the ins and outs of the law to determine whether ZOS gathering statistics in a way that appears to conform to the game's TOS and privacy policy breaks the GDPR. I do think from an ethical viewpoint the players should have the option of disabling collection of their statistics by other players. It seems to me a player being able to disable statistics gathering would also eliminate any doubts about complying with GDPR. I'd call that a win-win.

    That's just imprecise wording though. It doesn't really affect the general debate about whether or not the addition of these logs are in compliance with the privacy standards of the GDPR. That's what I was trying to say.

    I also seriously doubt the terms of service would meet the standards of the GDPR - which requires explicit and informed consent. It's hard to be explicitly informed about something that had not even taken place yet when the user agreed to the terms of service. And even if it did - the user has the right to revoke his or her consent at any time under the GDPR and can even request that the data be erased. This isn't to mention that it requires businesses to use the highest-possible privacy settings by default, which would seem to be the total opposite of having protected data available to third parties unless the user opted out of it.

    I think you're right though to suggest they make this optional. If I was a company doing business in Europe that's the route I would take and make this something players could sign up for but only if they wanted to.
    Edited by Jeremy on April 17, 2019 6:47PM
  • DjMuscleboy02
    You should elect to put blinds up. Try again.

    This is exactly what we're asking for. A complete opt-out option - or at the very least, the "anonymous" status to be the default status.



    Perfect, you can choose to be anonymous! Glad we've worked that out.

    That works for every player who knows where the box is to check it to become anonymous, so that their character ID isn't attached to someone else's log.

    Being anonymous isn't the default, which means there's a pretty good chance that plenty of new and returning players won't know they have to check the box if they want to be anonymous.

    Most analogies break down when pushed hard enough, so I'mma steer clear of the blinds/windows analogy. Especially since everyone presumably knows it's possible to shut your blinds if you want privacy.

    Honestly, it's not ZOS' responsibility to inform new and existing players of every facet of the game. They have announced the tool, posted many resources as reference, and even mentioned it on live streams. Ignorance is not a valid reason, all the information is readily available. In this regard, possibly mentioning it as a loading screen tip, or maybe for a time period as you scroll through the announcements when first logging in would resolve an issue of ignorance.

    I think that's insufficient for an issue that's going to keep coming up, again and again, for new and returning players. Especially since presumably there will still be new and returning players well after Elsweyr and the ESO Log is not new content, and well after your proposed time period (though I like the idea of the announcement).

    A year from now, hopefully ESO is still getting new players, plenty of whom will have no idea that ESO Logs is a thing or that they might want to set themselves to anonymous.

    I'm looking for ZOS to be proactive for once.

    Anonymous is the most private option available, so it should be the default.

    I'd like to ask, Do you have any reason why Anonymous shouldn't be the default?

    I'd be perfectly fine with anonymous being the default, I just don't like how people have been campaigning for it. Sure if it was default then groups who wished to use it would have no issue.

    However, I think that integrating it into something new players will always see, or that returning players would see easily would be a better solution. It's a phenomenal tool for pretty much any aspect of the game, such a tool should be on by default. If you chose to opt out, that's your prerogative. Though I'm relatively unsure as to why anyone would opt out anyway tbh.
    Brodor - PC NA - ESO's only pure bodybuilding guild
    Hodor, but stronger
  • Pulque
    tgrippa wrote: »
    Where are all these fake lawyers coming from? I have a law degree as part of my undergraduate studies so take my non-serious sub-par non-professional legal view:

    There is absolutely nothing there that can identify you as a person. YOUR GAMER TAG IS NOT YOUR LEGAL NAME. The data being collected cannot be used to identify yourself as a person. If you use your legal name as a gamer tag then that is on you, as reasonableness is a legal consideration that will come into play and it is not reasonable to blame ZOS for your own choice. You also have the option to change your gamer tag if you are worried about being identified, but I guess you are not if you are using your real name as a gamer tag.

    There is nothing here that indicates any breach of data protection.

    Please stop trying to find excuses to hide your fight data from other players. I can already tell who is performing well and who is being carried, and you know what, I don’t care, it is just a game.

    You all have real lives where GDPR rules actually apply to your RL identities. Please go take a walk in the park and relax, and stop trying to ruin a tool that many people are looking forward to.

    People these days, jeez.

    Behind banner of privacy hide those who got carried.
  • Elsonso
    Heelie wrote: »
    the amount of people not understanding EU law is......

    ...pretty much everyone. :smile:
    Jeremy wrote: »
    This shouldn't matter because the responsibility of the GDPR falls squarely on the collectors and controllers of the personal data themselves - which in this case would be ZoS because they are the ones collecting this data and making it available to 3rd party websites. The GDPR is pretty specific here and states clearly these protections still apply even if the data is being shared with 3rd parties outside of the EEA (European Economic Area).

    You're right that the legal recourse would be through ZoS. But I don't really see how that affects the overall debate.

    It should be interesting how this plays out from a GDPR perspective.
    XBox EU/NA:@ElsonsoJannus
    PC NA/EU: @Elsonso
    PSN NA/EU: @ElsonsoJannus
    Total in-game hours: 11321
    X/Twitter: ElsonsoJannus
  • VaranisArano
    You should elect to put blinds up. Try again.

    This is exactly what we're asking for. A complete opt-out option - or at the very least, the "anonymous" status to be the default status.



    Perfect, you can choose to be anonymous! Glad we've worked that out.

    That works for every player who knows where the box is to check it to become anonymous, so that their character ID isn't attached to someone else's log.

    Being anonymous isn't the default, which means there's a pretty good chance that plenty of new and returning players won't know they have to check the box if they want to be anonymous.

    Most analogies break down when pushed hard enough, so I'mma steer clear of the blinds/windows analogy. Especially since everyone presumably knows it's possible to shut your blinds if you want privacy.

    Honestly, it's not ZOS' responsibility to inform new and existing players of every facet of the game. They have announced the tool, posted many resources as reference, and even mentioned it on live streams. Ignorance is not a valid reason, all the information is readily available. In this regard, possibly mentioning it as a loading screen tip, or maybe for a time period as you scroll through the announcements when first logging in would resolve an issue of ignorance.

    I think that's insufficient for an issue that's going to keep coming up, again and again, for new and returning players. Especially since presumably there will still be new and returning players well after Elsweyr and the ESO Log is not new content, and well after your proposed time period (though I like the idea of the announcement).

    A year from now, hopefully ESO is still getting new players, plenty of whom will have no idea that ESO Logs is a thing or that they might want to set themselves to anonymous.

    I'm looking for ZOS to be proactive for once.

    Anonymous is the most private option available, so it should be the default.

    I'd like to ask, Do you have any reason why Anonymous shouldn't be the default?

    I'd be perfectly fine with anonymous being the default, I just don't like how people have been campaigning for it. Sure if it was default then groups who wished to use it would have no issue.

    However, I think that integrating it into something new players will always see, or that returning players would see easily would be a better solution. It's a phenomenal tool for pretty much any aspect of the game, such a tool should be on by default. If you chose to opt out, that's your prerogative. Though I'm relatively unsure as to why anyone would opt out anyway tbh.

    I can see where integrating the notification into something obvious could be a workable solution, though more prone to failure than setting everyone to anonymous by default.

    As for why a player might want to be anonymous? You'll be logged even if you are set to Anonymous because they're necessary for the tool to work, but there's lots of players who don't want their character ID showing up in logs that can be shared with whoever the uploader wants or made publicly available for searching and ranking.

    I agree that ESO Logs works best when there is no opt-out/veto, but individual players being Anonymous by default won't actually change anything for the players who want to show their Character ID on the logs, or change how the logs function for the uploader except that they'll see "Anonymous" instead of Character Id's for those players.
  • Jeremy
    Heelie wrote: »
    the amount of people not understanding EU law is......

    ...pretty much everyone. :smile:
    Jeremy wrote: »
    This shouldn't matter because the responsibility of the GDPR falls squarely on the collectors and controllers of the personal data themselves - which in this case would be ZoS because they are the ones collecting this data and making it available to 3rd party websites. The GDPR is pretty specific here and states clearly these protections still apply even if the data is being shared with 3rd parties outside of the EEA (European Economic Area).

    You're right that the legal recourse would be through ZoS. But I don't really see how that affects the overall debate.

    It should be interesting how this plays out from a GDPR perspective.

    I'm skeptical that character names on a video game will be interpreted as personal data. The question becomes less obvious to me when it's the account name in question or the person's in-game activities. It's an interesting debate in any case as you say. Ultimately someone over there in Europe is going to have to decide what constitutes personal data and what doesn't. That's why I've said from the beginning that's really what the crux of this debate is all about.
    Edited by Jeremy on April 17, 2019 8:04PM
  • Elwendryll
    By the way, it does not matter where the server is located. The EU laws on data privacy apply to the data of EU citizens. So if a website collects the data of EU citizens, they have to be GDPR compliant for the EU citizens. Some companies like Discord just chose to make the EU standards apply to their customers worldwide.

    I know it's quite complicated and not obvious for non-Europeans, but this thread is full of assumptions. And it looks like most people don't read the previous comments in this thread, there are answers. And yes, a username is definitely personal data.
    Edited by Elwendryll on April 17, 2019 11:09PM
    PC - EU - France - AD
    Main character: Qojikrin - Khajiit Sorcerer Tank/Stamina DD - since March 25, 2015.
    Guildmaster of Oriflamme: Focus on 4 player endgame content.
    Member of Brave Cat Trade, Panda Division and Toadhuggers.

    All 4-man trifectas - TTT, IR, GH
  • Alinhbo_Tyaka
    Elwendryll wrote: »
    By the way, it does not matter where the server is located. The EU laws on data privacy apply to the data of EU citizens. So if a website collects the data of EU citizens, they have to be GDPR compliant for the EU citizens. Some companies like Discord just chose to make the EU standards apply to their customers worldwide.

    I know it's quite complicated and not obvious for non-Europeans, but this thread is full of assumptions. And it looks like most people don't read the previous comments in this thread, there are answers. And yes, a username is definitely personal data.

    If I do not have a business presence in the EU and I do not have any servers located in the EU I do not have to comply with GDPR. The mere fact that the website can be accessed by an EU citizen is not enough to have it fall under the GDPR.
  • witchdoctor
    If I do not have a business presence in the EU and I do not have any servers located in the EU I do not have to comply with GDPR. The mere fact that the website can be accessed by an EU citizen is not enough to have it fall under the GDPR.

    Even if the GDPR was written that way, good luck enforcing it.
  • Sylvermynx
    Elwendryll wrote: »
    By the way, it does not matter where the server is located. The EU laws on data privacy apply to the data of EU citizens. So if a website collects the data of EU citizens, they have to be GDPR compliant for the EU citizens. Some companies like Discord just chose to make the EU standards apply to their customers worldwide.

    I know it's quite complicated and not obvious for non-Europeans, but this thread is full of assumptions. And it looks like most people don't read the previous comments in this thread, there are answers. And yes, a username is definitely personal data.

    If I do not have a business presence in the EU and I do not have any servers located in the EU I do not have to comply with GDPR. The mere fact that the website can be accessed by an EU citizen is not enough to have it fall under the GDPR.

    I.... think you're being obtuse. If EU citizens can access your business site, you will be required to either deny them access, or to fit your site to GDPR's restrictions.
  • linlilia
    Elwendryll wrote: »
    By the way, it does not matter where the server is located. The EU laws on data privacy apply to the data of EU citizens. So if a website collects the data of EU citizens, they have to be GDPR compliant for the EU citizens. Some companies like Discord just chose to make the EU standards apply to their customers worldwide.

    I know it's quite complicated and not obvious for non-Europeans, but this thread is full of assumptions. And it looks like most people don't read the previous comments in this thread, there are answers. And yes, a username is definitely personal data.

    If I do not have a business presence in the EU and I do not have any servers located in the EU I do not have to comply with GDPR. The mere fact that the website can be accessed by an EU citizen is not enough to have it fall under the GDPR.

    That is not true, if it collects "Personal" information on an EU citizen or someone working in the EU then it falls under the GDPR, also ESO has a server in the EU so it obviously falls under the GDPR.
  • linlilia
    Jeremy wrote: »
    Heelie wrote: »
    the amount of people not understanding EU law is......

    ...pretty much everyone. :smile:
    Jeremy wrote: »
    This shouldn't matter because the responsibility of the GDPR falls squarely on the collectors and controllers of the personal data themselves - which in this case would be ZoS because they are the ones collecting this data and making it available to 3rd party websites. The GDPR is pretty specific here and states clearly these protections still apply even if the data is being shared with 3rd parties outside of the EEA (European Economic Area).

    You're right that the legal recourse would be through ZoS. But I don't really see how that affects the overall debate.

    It should be interesting how this plays out from a GDPR perspective.

    I'm skeptical that character names on a video game will be interpreted as personal data. The question becomes less obvious to me when it's the account name in question or the person's in-game activities. It's an interesting debate in any case as you say. Ultimately someone over there in Europe is going to have to decide what constitutes personal data and what doesn't. That's why I've said from the beginning that's really what the crux of this debate is all about.

    I would say that our user names do qualify, because they are linked to an email and in most cases bank accounts, whether they are located easily or not that is not the point. Also our usernames are Unique, no one can have the same one, same with character names, although they can be changed does not mean that they are not tied to our personal information. Also if you are playing with people that you know who says that in chat during a dungeon they don't use your real name or other real information? We are not always smart about separating our personal lives and game lives, also what if they link a Discord, TeamSpeak, or Facebook page that does have your information?
  • witchdoctor
    Sylvermynx wrote: »
    Elwendryll wrote: »
    By the way, it does not matter where the server is located. The EU laws on data privacy apply to the data of EU citizens. So if a website collects the data of EU citizens, they have to be GDPR compliant for the EU citizens. Some companies like Discord just chose to make the EU standards apply to their customers worldwide.

    I know it's quite complicated and not obvious for non-Europeans, but this thread is full of assumptions. And it looks like most people don't read the previous comments in this thread, there are answers. And yes, a username is definitely personal data.

    If I do not have a business presence in the EU and I do not have any servers located in the EU I do not have to comply with GDPR. The mere fact that the website can be accessed by an EU citizen is not enough to have it fall under the GDPR.

    I.... think you're being obtuse. If EU citizens can access your business site, you will be required to either deny them access, or to fit your site to GDPR's restrictions.

    They are asking the obvious and relevant follow-up question.

    The EU Legislative Assembly has, seemingly, written a law that purports to provide universal protection to its citizens. Great.

    How are its citizens going to enforce their universal protection?

    In a European court? What European court has power to make an order requiring a foreign-based company comply with European law? This isn't Google, who can be sued in Europe as they do business in Europe. This is an LLC in Texas with a server in Oregon.

    In a US court? What standing does an EU citizen have? What US court is going to make an order to comply with a foreign law?

    It sounds like the EU Legislative Assembly has oversold something to its citizens.
  • Sylvermynx
    Sylvermynx wrote: »
    Elwendryll wrote: »
    By the way, it does not matter where the server is located. The EU laws on data privacy apply to the data of EU citizens. So if a website collects the data of EU citizens, they have to be GDPR compliant for the EU citizens. Some companies like Discord just chose to make the EU standards apply to their customers worldwide.

    I know it's quite complicated and not obvious for non-Europeans, but this thread is full of assumptions. And it looks like most people don't read the previous comments in this thread, there are answers. And yes, a username is definitely personal data.

    If I do not have a business presence in the EU and I do not have any servers located in the EU I do not have to comply with GDPR. The mere fact that the website can be accessed by an EU citizen is not enough to have it fall under the GDPR.

    I.... think you're being obtuse. If EU citizens can access your business site, you will be required to either deny them access, or to fit your site to GDPR's restrictions.

    They are asking the obvious and relevant follow-up question.

    The EU Legislative Assembly has, seemingly, written a law that purports to provide universal protection to its citizens. Great.

    How are its citizens going to enforce their universal protection?

    In a European court? What European court has power to make an order requiring a foreign-based company comply with European law? This isn't Google, who can be sued in Europe as they do business in Europe. This is an LLC in Texas with a server in Oregon.

    In a US court? What standing does an EU citizen have? What US court is going to make an order to comply with a foreign law?

    It sounds like the EU Legislative Assembly has oversold something to its citizens.

    Well, yeah, I get that. But the bottom line outside EU is to not depend on that - in other words, in the US, you'd better make sure your site is compliant with GDPR (because, obviously, if you have made it so, you aren't likely to get strung out to dry....)

    Of course, there are many countries where people do "business" who simply won't bother with GDPR any more than they do with copyright....
  • witchdoctor
    Sylvermynx wrote: »
    Sylvermynx wrote: »
    Elwendryll wrote: »
    By the way, it does not matter where the server is located. The EU laws on data privacy apply to the data of EU citizens. So if a website collects the data of EU citizens, they have to be GDPR compliant for the EU citizens. Some companies like Discord just chose to make the EU standards apply to their customers worldwide.

    I know it's quite complicated and not obvious for non-Europeans, but this thread is full of assumptions. And it looks like most people don't read the previous comments in this thread, there are answers. And yes, a username is definitely personal data.

    If I do not have a business presence in the EU and I do not have any servers located in the EU I do not have to comply with GDPR. The mere fact that the website can be accessed by an EU citizen is not enough to have it fall under the GDPR.

    I.... think you're being obtuse. If EU citizens can access your business site, you will be required to either deny them access, or to fit your site to GDPR's restrictions.

    They are asking the obvious and relevant follow-up question.

    The EU Legislative Assembly has, seemingly, written a law that purports to provide universal protection to its citizens. Great.

    How are its citizens going to enforce their universal protection?

    In a European court? What European court has power to make an order requiring a foreign-based company comply with European law? This isn't Google, who can be sued in Europe as they do business in Europe. This is an LLC in Texas with a server in Oregon.

    In a US court? What standing does an EU citizen have? What US court is going to make an order to comply with a foreign law?

    It sounds like the EU Legislative Assembly has oversold something to its citizens.

    Well, yeah, I get that. But the bottom line outside EU is to not depend on that - in other words, in the US, you'd better make sure your site is compliant with GDPR (because, obviously, if you have made it so, you aren't likely to get strung out to dry....)

    Of course, there are many countries where people do "business" who simply won't bother with GDPR any more than they do with copyright....

    I don't know if that was a typo, but, no, a US company is not going to be 'strung out to dry' simply for not complying with the GDPR, if, as apparently the case with this one, it does not do business in the EU.

    If you cannot enforce the right, it may as well not exist.
  • templesus
    Thing is there are several websites that are also not GDPR compliant and don’t care to do anything about it because the law is seldom enforced especially with smaller sites. So even if it’s not compliant, it is still in that “grey area” of whether or not any action will actually be taken against it.

    I work for Apple and have to handle GDPR related issues every day. I would be remiss if I didn’t say that with 99% certainty @Kihra you have nothing to worry about.
  • Sylvermynx
    Sylvermynx wrote: »
    Sylvermynx wrote: »
    Elwendryll wrote: »
    By the way, it does not matter where the server is located. The EU laws on data privacy apply to the data of EU citizens. So if a website collects the data of EU citizens, they have to be GDPR compliant for the EU citizens. Some companies like Discord just chose to make the EU standards apply to their customers worldwide.

    I know it's quite complicated and not obvious for non-Europeans, but this thread is full of assumptions. And it looks like most people don't read the previous comments in this thread, there are answers. And yes, a username is definitely personal data.

    If I do not have a business presence in the EU and I do not have any servers located in the EU I do not have to comply with GDPR. The mere fact that the website can be accessed by an EU citizen is not enough to have it fall under the GDPR.

    I.... think you're being obtuse. If EU citizens can access your business site, you will be required to either deny them access, or to fit your site to GDPR's restrictions.

    They are asking the obvious and relevant follow-up question.

    The EU Legislative Assembly has, seemingly, written a law that purports to provide universal protection to its citizens. Great.

    How are its citizens going to enforce their universal protection?

    In a European court? What European court has power to make an order requiring a foreign-based company comply with European law? This isn't Google, who can be sued in Europe as they do business in Europe. This is an LLC in Texas with a server in Oregon.

    In a US court? What standing does an EU citizen have? What US court is going to make an order to comply with a foreign law?

    It sounds like the EU Legislative Assembly has oversold something to its citizens.

    Well, yeah, I get that. But the bottom line outside EU is to not depend on that - in other words, in the US, you'd better make sure your site is compliant with GDPR (because, obviously, if you have made it so, you aren't likely to get strung out to dry....)

    Of course, there are many countries where people do "business" who simply won't bother with GDPR any more than they do with copyright....

    I don't know if that was a typo, but, no, a US company is not going to be 'strung out to dry' simply for not complying with the GDPR, if, as apparently the case with this one, it does not do business in the EU.

    If you cannot enforce the right, it may as well not exist.

    Eh, I tend to cover bases. I have a small game-oriented forum. The active members number 12. Four of those are resident in EU (well, one's in Britain, so who knows with Brexit up in the air still). I choose to try my best to make my tiny little non-business site compliant - so that my EU members don't have to look over their shoulders.

    Now, that's not a big thing for me - but of course for larger business sites, yes, it's a huge deal.

    I agree though about your last statement. Thing is.... we don't know yet how messy the enforcement may get.
  • witchdoctor
    The comment above that the hypothetically-aggrieved EU citizen has to seek their redress through ZOS is interesting.

    Can they? If so, how?

    My random not-in-the-shower train of thought:
    • ESO is an online service
    • As an online service, it evolves
    • ZOS adds a functionality to allow combat logging
    • ZOS makes the users of its service aware of its new functionality
    • EU player actively logs into the service

    There may be a distinction between the collection of cookies and private data by your coming to Ferrari's website, and you actively logging into an online service which has made you aware that other users can log certain in-game data.

    Meaning, your GDPR 'protection' is, 'do not use my service.'
  • Sylvermynx
    The comment above that the hypothetically-aggrieved EU citizen has to seek their redress through ZOS is interesting.

    Can they? If so, how?

    My random not-in-the-shower train of thought:
    • ESO is an online service
    • As an online service, it evolves
    • ZOS adds a functionality to allow combat logging
    • ZOS makes the users of its service aware of its new functionality
    • EU player actively logs into the service

    There may be a distinction between the collection of cookies and private data by your coming to Ferrari's website, and you actively logging into an online service which has made you aware that other users can log certain in-game data.

    Meaning, your GDPR 'protection' is, 'do not use my service.'

    Truth. And that's the bottom line, isn't it? The default needs to be OFF, not just Anonymous.
  • Ydrisselle
    Kittenhood wrote: »
    Ydrisselle wrote: »
    Ydrisselle wrote: »
    Kittenhood
    Yes, you won't find yourself on ESOLogs yet - because right now it's only working on the PTS, and only from yesterday. So I'm sure you didn't raid together with anyone on the live servers who are using it, since nobody can do that now :tongue:

    In addition, during the PTS, all logs are private.

    I know :) It's still hilarious that somebody is defending the current default setting without even knowing that it doesn't work on live servers.

    I don't know if you were referring to me, but I was never defending anything.

    Although I agree wholeheartedly with Ydrisselle's "the default setting should be 'anonymous' for everyone" sentiment - allow people to opt out of this logging - not because it isn't GDPR compliant, which is a crock of bull. But because in a pick-up group Trial setting (non-veteran) we don't need more toxic players than there are already.

    And Ydrisselle also may have a point with the PTS thing - I've done only a couple of veteran trials in the past few days on the PTS, which if this ESOLogs service went up yesterday would explain why I can't 'search myself' yet.

    Thank you.

    @Kittenhood

    There is one more reason why you can't find yourself on ESOLogs: right now every uploaded log file is set to Private, and none of them are Public, so you can only see your uploaded data. That will change after Elsweyr hits the live servers.
  • Alinhbo_Tyaka
    Sylvermynx wrote: »
    Elwendryll wrote: »
    By the way, it does not matter where the server is located. The EU laws on data privacy apply to the data of EU citizens. So if a website collects the data of EU citizens, they have to be GDPR compliant for the EU citizens. Some companies like Discord just chose to make the EU standards apply to their customers worldwide.

    I know it's quite complicated and not obvious for non-Europeans, but this thread is full of assumptions. And it looks like most people don't read the previous comments in this thread, there are answers. And yes, a username is definitely personal data.

    If I do not have a business presence in the EU and I do not have any servers located in the EU I do not have to comply with GDPR. The mere fact that the website can be accessed by an EU citizen is not enough to have it fall under the GDPR.

    I.... think you're being obtuse. If EU citizens can access your business site, you will be required to either deny them access, or to fit your site to GDPR's restrictions.

    Not obtuse at all. GDPR requires that you are intending to do business in the EU.

    As an example, I have a US based company and website that ships widgets worldwide. The website is in American English and all prices are denoted in dollars. In this case I am not doing anything to market to people in the EU and if an EU citizen were to order from me I am under no obligation to comply with GDPR. On the other hand if I provide national language support for European languages and denote sales in Euros or other EU currencies I am considered doing business in the EU and am expected to comply with GDPR.

    While I agree with the idea behind GDPR it is a bureaucratic nightmare. Without treaties the EU cannot enforce conformance outside of the EU borders. In the case of the US they could try going through US courts to collect any EU fines from businesses that have not signed onto the SHIELD agreement but that is iffy and will be expensive. I've read some legal forums where the consensus is 50/50 that the SHIELD agreement could be shot down in the US courts. You also have countries that have stated they will not allow enforcement of GDPR on their citizens as it impinges on their sovereignty. For many smaller websites and businesses they've just decided the path of least resistance is to just not allow access from EU countries.

  • Alinhbo_Tyaka
    Sylvermynx wrote: »
    The comment above that the hypothetically-aggrieved EU citizen has to seek their redress through ZOS is interesting.

    Can they? If so, how?

    My random not-in-the-shower train of thought:
    • ESO is an online service
    • As an online service, it evolves
    • ZOS adds a functionality to allow combat logging
    • ZOS makes the users of its service aware of its new functionality
    • EU player actively logs into the service

    There may be a distinction between the collection of cookies and private data by your coming to Ferrari's website, and you actively logging into an online service which has made you aware that other users can log certain in-game data.

    Meaning, your GDPR 'protection' is, 'do not use my service.'

    Truth. And that's the bottom line, isn't it? The default needs to be OFF, not just Anonymous.

    Which has been my take throughout this whole thing.
  • JumpmanLane
    Kikke wrote: »
    Single player gamers... Hold out for TES6 please. Logs are good for any MMO.

    Do you really want ZOS to go bankrupt and the ESO servers to be shut down?

    before my rights were violated! YES!
  • Jeremy
    linlilia wrote: »
    Jeremy wrote: »
    Heelie wrote: »
    the amount of people not understanding EU law is......

    ...pretty much everyone. :smile:
    Jeremy wrote: »
    This shouldn't matter because the responsibility of the GDPR falls squarely on the collectors and controllers of the personal data themselves - which in this case would be ZoS because they are the ones collecting this data and making it available to 3rd party websites. The GDPR is pretty specific here and states clearly these protections still apply even if the data is being shared with 3rd parties outside of the EEA (European Economic Area).

    You're right that the legal recourse would be through ZoS. But I don't really see how that affects the overall debate.

    It should be interesting how this plays out from a GDPR perspective.

    I'm skeptical that character names on a video game will be interpreted as personal data. The question becomes less obvious to me when it's the account name in question or the person's in-game activities. It's an interesting debate in any case as you say. Ultimately someone over there in Europe is going to have to decide what constitutes personal data and what doesn't. That's why I've said from the beginning that's really what the crux of this debate is all about.

    I would say that our user names do qualify, because they are linked to an email and in most cases bank accounts, whether they are located easily or not that is not the point. Also our usernames are unique, no one can have the same one, same with character names, although they can be changed does not mean that they are not tied to our personal information. Also if you are playing with people that you know who says that in chat during a dungeon they don't use your real name or other real information? We are not always smart about separating our personal lives and game lives, also what if they link a Discord, TeamSpeak, or Facebook page that does have your information?

    I'm not sure what you mean when you say user names. The reason I am skeptical that character names would apply is because those are names of fictional characters on a video game. They aren't your personal names. For example: could ZoS be sued if someone on the EU server is streaming a live game session because it shows the names of other people's characters on the screen for everyone on the channel to see without their explicit permission? I doubt it. Your argument they could be used to track down your personal information therefore constitute personal data is creative. But I'm skeptical a judge would buy it.

    Now if by user name you mean your account name/user ID that's different. I believe a reasonable argument could be made that's personal information - since it's directly tied to your personal account and could be used to aid someone in hacking into your information. I always thought it was a mistake for ZoS to make account names so visible during the game play.

    As to your question: I would imagine that would depend on whether or not the linked page contained any personal data or not. Like I've been saying throughout this debate, this all boils down to what is considered personal data and what isn't.
    Edited by Jeremy on April 18, 2019 8:06AM
  • FierceSam
    ZOS_RogerJ wrote: »
    Greetings! Just a friendly reminder, to keep the thread civil, constructive and on-topic. Remember, it’s okay and very normal to disagree with others, and even to debate, but provoking conflict, baiting, inciting, mocking, etc. is never acceptable in the official The Elder Scrolls Online community.

    No, we are going to leave that to this badly implemented tool, which allows someone else to secretly record your activities and post them to an external server for them to bait, hate on and humiliate there.

  • Jhalin
    FierceSam wrote: »
    ZOS_RogerJ wrote: »
    Greetings! Just a friendly reminder, to keep the thread civil, constructive and on-topic. Remember, it’s okay and very normal to disagree with others, and even to debate, but provoking conflict, baiting, inciting, mocking, etc. is never acceptable in the official The Elder Scrolls Online community.

    No, we are going to leave that to this badly implemented tool, which allows someone else to secretly record your activities and post them to an external server for them to bait, hate on and humiliate there.

    In .001% of cases maybe

    Meanwhile the overwhelming 99.999% of usage will be for self or group improvement

    [edit]

    [edited for bashing comment]
    Edited by ZOS_RogerJ on April 18, 2019 4:04PM
  • Jeremy
    Jhalin wrote: »
    FierceSam wrote: »
    ZOS_RogerJ wrote: »
    Greetings! Just a friendly reminder, to keep the thread civil, constructive and on-topic. Remember, it’s okay and very normal to disagree with others, and even to debate, but provoking conflict, baiting, inciting, mocking, etc. is never acceptable in the official The Elder Scrolls Online community.

    No, we are going to leave that to this badly implemented tool, which allows someone else to secretly record your activities and post them to an external server for them to bait, hate on and humiliate there.

    In .001% of cases maybe

    Meanwhile the overwhelming 99.999% of usage will be for self or group improvement

    No one cares enough to record every stupid pug run on the off chance someone will be bad enough to warrant more than an offhanded comment to their buddy later about the mess of a dungeon run. They won’t even remember your character name, much less your account name.

    Get over your bloated sense of self-importance and throw your paranoia in the garbage

    I wish I could agree with you. But sadly I don't.

    I expect there will be countless websites, posts and videos made devoted entirely to analyzing the logs of players they encounter during pugs so they can make fun of them online. Even among guilds I believe they will become contentious. But I could be wrong. We'll see. ^^
    Edited by Jeremy on April 18, 2019 8:37AM
  • Jhalin
    Jeremy wrote: »
    Jhalin wrote: »
    FierceSam wrote: »
    ZOS_RogerJ wrote: »
    Greetings! Just a friendly reminder, to keep the thread civil, constructive and on-topic. Remember, it’s okay and very normal to disagree with others, and even to debate, but provoking conflict, baiting, inciting, mocking, etc. is never acceptable in the official The Elder Scrolls Online community.

    No, we are going to leave that to this badly implemented tool, which allows someone else to secretly record your activities and post them to an external server for them to bait, hate on and humiliate there.

    In .001% of cases maybe

    Meanwhile the overwhelming 99.999% of usage will be for self or group improvement

    No one cares enough to record every stupid pug run on the off chance someone will be bad enough to warrant more than an offhanded comment to their buddy later about the mess of a dungeon run. They won’t even remember your character name, much less your account name.

    Get over your bloated sense of self-importance and throw your paranoia in the garbage

    I wish I could agree with you. But sadly I don't.

    I expect there will be countless websites, posts and videos made devoted entirely to analyzing the logs of players they encounter during pugs so they can make fun of them online. Even among guilds I believe they will become contentious. But I could be wrong. We'll see. ^^

    Ok dude, maybe you missed it, but recording a log requires you decide to do so and start it beforehand. Nothing is automatically logged. These logs do not show account names, only character names. These logs will only apply numbers to what is already observable.

    Obviously someone can tell if they’re the only one with good dps. They can see if there’s any orbs or shards being provided. They can see if the tank is taunting the boss or letting it run free. They can see if mobs are dying or if they’re not.

    If someone gets reamed over a bad performance, it’s not gonna be this tool that caused it. ESO character names floating in the void of the internet are no more dangerous than a Neopets pet name of yesteryear.

    If a guild competes amongst themselves and points out weak points, that is intended and beneficial so people can actually improve.
  • Elsonso
    Jeremy wrote: »
    linlilia wrote: »
    Jeremy wrote: »
    Heelie wrote: »
    the amount of people not understanding EU law is......

    ...pretty much everyone. :smile:
    Jeremy wrote: »
    This shouldn't matter because the responsibility of the GDPR falls squarely on the collectors and controllers of the personal data themselves - which in this case would be ZoS because they are the ones collecting this data and making it available to 3rd party websites. The GDPR is pretty specific here and states clearly these protections still apply even if the data is being shared with 3rd parties outside of the EEA (European Economic Area).

    You're right that the legal recourse would be through ZoS. But I don't really see how that affects the overall debate.

    It should be interesting how this plays out from a GDPR perspective.

    I'm skeptical that character names on a video game will be interpreted as personal data. The question becomes less obvious to me when it's the account name in question or the person's in-game activities. It's an interesting debate in any case as you say. Ultimately someone over there in Europe is going to have to decide what constitutes personal data and what doesn't. That's why I've said from the beginning that's really what the crux of this debate is all about.

    I would say that our user names do qualify, because they are linked to an email and in most cases bank accounts, whether they are located easily or not that is not the point. Also our usernames are unique, no one can have the same one, same with character names, although they can be changed does not mean that they are not tied to our personal information. Also if you are playing with people that you know who says that in chat during a dungeon they don't use your real name or other real information? We are not always smart about separating our personal lives and game lives, also what if they link a Discord, TeamSpeak, or Facebook page that does have your information?

    I'm not sure what you mean when you say user names. The reason I am skeptical that character names would apply is because those are names of fictional characters on a video game. They aren't your personal names. For example: could ZoS be sued if someone on the EU server is streaming a live game session because it shows the names of other people's characters on the screen for everyone on the channel to see without their explicit permission? I doubt it. Your argument they could be used to track down your personal information therefore constitute personal data is creative. But I'm skeptical a judge would buy it.

    Now if by user name you mean your account name/user ID that's different. I believe a reasonable argument could be made that's personal information - since it's directly tied to your personal account and could be used to aid someone in hacking into your information. I always thought it was a mistake for ZoS to make account names so visible during the game play.

    As to your question: I would imagine that would depend on whether or not the linked page contained any personal data or not. Like I've been saying throughout this debate, this all boils down to what is considered personal data and what isn't.

    In this game, the character and account names on a particular server are unique to you. No one else has the same account name on the platform you are on. No one on the server has the same character name. Both can be changed, but they don't change without some sort of action on the part of the player. This makes them a risk for being personal data. They fall under the definition of "online identifier".

    The real key here seems to be whether the character and account name meet the definition of anonymous.
    XBox EU/NA:@ElsonsoJannus
    PC NA/EU: @Elsonso
    PSN NA/EU: @ElsonsoJannus
    Total in-game hours: 11321
    X/Twitter: ElsonsoJannus