Consumer Rights Wiki

Ubisoft in-game data collection GDPR complaint (2025): Difference between revisions

← Older editNewer edit →
VisualWikitext
complete rewrite, was a stub with 3 citations and broken chronology. sourced everything from the noyb complaint pdf, added background on ubisoft's drm history, the crew shutdown, network traffic analysis details, and ubisoft's response. killed the slop.
correcting things to make sure that the citations fit the article text and support it properly. reworded a couple of things for tone/neutrality. Will change the title after
Line 11: Line 11:
|ArticleType=Product
|ArticleType=Product
|Type=Privacy
|Type=Privacy
|Description=Ubisoft forces single-player games online to collect player data; NOYB filed GDPR complaint after user found 150 DNS packages sent in 10 minutes
|Description=Ubisoft forces single-player games online to collect player data; NOYB filed GDPR complaint after user found 150 DNS packages sent in 10 minutes during a single player game
}}
}}
'''Ubisoft forces players in single-player games to be connected to the internet to collect data.''' In September 2024, a player who purchased ''Far Cry Primal'' on Steam discovered that the game would not launch without logging into a [[Ubisoft]] account, despite the game having no online features. The player monitored network traffic during a 10-minute session and found 150 DNS queries and responses exchanged with external servers including Google, Amazon, and Datadog<ref name="noyb-complaint">{{Cite web |url=https://noyb.eu/sites/default/files/2025-04/Ubisoft_complaint_EN_redacted.pdf |title=Complaint against Ubisoft: Article 6 GDPR (Case C-098) |author=NOYB |date=2025-04-24 |access-date=2026-03-27 |website=noyb.eu |url-status=live |archive-url=https://web.archive.org/web/20250424083407/https://noyb.eu/sites/default/files/2025-04/Ubisoft_complaint_EN_redacted.pdf |archive-date=2025-04-24}}</ref>. On 24 April 2025, [[NOYB]] filed a [[GDPR]] complaint with the Austrian Data Protection Authority on the player's behalf, alleging that Ubisoft collects personal data without a valid legal basis<ref name="noyb-press">{{Cite web |url=https://noyb.eu/en/play-alone-ubisoft-still-watching-you |title=Like to play alone? Ubisoft is still watching you! |author=NOYB |date=2025-04-24 |access-date=2026-03-27 |website=noyb.eu |url-status=live |archive-url=https://web.archive.org/web/20250424092126/https://noyb.eu/en/play-alone-ubisoft-still-watching-you |archive-date=2025-04-24}}</ref>.
In September 2024, a player who purchased ''Far Cry Primal'' on Steam discovered that the game would not launch without logging into a [[Ubisoft]] account, despite the game having no online features. The player monitored network traffic during a 10-minute session and found 150 DNS queries and responses exchanged with external servers including Google, Amazon, and Datadog<ref name="noyb-complaint">{{Cite web |url=https://noyb.eu/sites/default/files/2025-04/Ubisoft_complaint_EN_redacted.pdf |title=Complaint against Ubisoft: Article 6 GDPR (Case C-098) |author=NOYB |date=2025-04-24 |access-date=2026-03-27 |website=noyb.eu |url-status=live |archive-url=https://web.archive.org/web/20250424083407/https://noyb.eu/sites/default/files/2025-04/Ubisoft_complaint_EN_redacted.pdf |archive-date=2025-04-24}}</ref>. On 24 April 2025, [[NOYB]] filed a [[GDPR]] complaint with the Austrian Data Protection Authority on the player's behalf, alleging that Ubisoft collects personal data without a valid legal basis<ref name="noyb-press">{{Cite web |url=https://noyb.eu/en/play-alone-ubisoft-still-watching-you |title=Like to play alone? Ubisoft is still watching you! |author=NOYB |date=2025-04-24 |access-date=2026-03-27 |website=noyb.eu |url-status=live |archive-url=https://web.archive.org/web/20250424092126/https://noyb.eu/en/play-alone-ubisoft-still-watching-you |archive-date=2025-04-24}}</ref>.


== Background ==
== Background ==


Ubisoft Connect (formerly Uplay) is Ubisoft's proprietary launcher and digital rights management client. Even when a player buys a Ubisoft game through a third-party store like Steam, the game forces installation of Ubisoft Connect and requires an account login before it will start<ref name="noyb-press" />. This applies to titles with no multiplayer or online features.
Ubisoft Connect (formerly Uplay) is Ubisoft's proprietary launcher and digital rights management client. Even when a player buys a Ubisoft game through a third-party store like Steam, the game requires installation of Ubisoft Connect and an account login before it will start<ref name="noyb-press" />. This applies to titles with no multiplayer or online features.


Ubisoft has a long history of always-online DRM. In 2010, the company required a persistent internet connection to play ''Assassin's Creed II'' and ''Silent Hunter 5'' on PC. A denial-of-service attack on Ubisoft's authentication servers that March disrupted access to single-player games for legitimate buyers<ref name="guardian-2010">{{Cite web |date=2010-03-09 |title=Ubisoft apologises after attackers block games |url=https://www.theguardian.com/technology/2010/mar/09/ubisoft-drm |access-date=2026-03-27 |website=The Guardian}}</ref>. Ubisoft dropped the persistent connection requirement in 2011, replacing it with a one-time launch check<ref name="gamedeveloper">{{Cite web |last=Parkin |first=Simon |date=2011-01-04 |title=Ubisoft Removes Constant Online Authentication DRM For PC Games |url=https://www.gamedeveloper.com/game-platforms/ubisoft-removes-constant-online-authentication-drm-for-pc-games |access-date=2026-03-27 |website=Game Developer}}</ref>. In September 2012, Ubisoft's Chris Early confirmed the company would no longer use always-online DRM. "They're more inconvenient to our paying customers, so in listening to our players, we removed them," Early said in an interview<ref name="slashdot-2012">{{Cite web |date=2012-09-05 |title=Ubisoft Ditches Always-Online DRM Requirement From PC Games |url=https://games.slashdot.org/story/12/09/05/1716230/ubisoft-ditches-always-online-drm-requirement-from-pc-games |access-date=2026-03-27 |website=Slashdot}}</ref>.
Ubisoft has a long history of always-online DRM. In 2010, the company required a persistent internet connection to play ''Assassin's Creed II'' and ''Silent Hunter 5'' on PC. A denial-of-service attack on Ubisoft's authentication servers that March disrupted access to single-player games for legitimate buyers<ref name="guardian-2010">{{Cite web |date=2010-03-09 |title=Ubisoft apologises after attackers block games |url=https://www.theguardian.com/technology/2010/mar/09/ubisoft-drm |access-date=2026-03-27 |website=The Guardian}}</ref>. Ubisoft dropped the persistent connection requirement in 2011, replacing it with a one-time launch check<ref name="gamedeveloper">{{Cite web |last=Parkin |first=Simon |date=2011-01-04 |title=Ubisoft Removes Constant Online Authentication DRM For PC Games |url=https://www.gamedeveloper.com/game-platforms/ubisoft-removes-constant-online-authentication-drm-for-pc-games |access-date=2026-03-27 |website=Game Developer}}</ref>. In September 2012, Ubisoft's Chris Early confirmed the company would no longer use always-online DRM. "They're more inconvenient to our paying customers, so in listening to our players, we removed them," Early said in an interview<ref name="slashdot-2012">{{Cite web |date=2012-09-05 |title=Ubisoft Ditches Always-Online DRM Requirement From PC Games |url=https://games.slashdot.org/story/12/09/05/1716230/ubisoft-ditches-always-online-drm-requirement-from-pc-games |access-date=2026-03-27 |website=Slashdot}}</ref>.


The company reversed that commitment with ''The Crew'' in 2014, which required a constant connection even for its single-player campaign. When Ubisoft shut down ''The Crew'' servers on 31 March 2024, the game became permanently unplayable<ref name="vgc-crew">{{Cite web |date=2024-08-20 |title=Ubisoft says players suing over The Crew shutdown shouldn't have expected to own the game forever |url=https://www.videogameschronicle.com/news/ubisoft-says-players-suing-over-the-crew-shutdown-shouldnt-have-expected-to-own-the-game-forever/ |access-date=2026-03-27 |website=VGC}}</ref>. The shutdown prompted the "Stop Killing Games" European Citizens' Initiative, which collected over 1.29 million verified signatures demanding laws that require publishers to leave games in a playable state<ref name="pcgamer-skg">{{Cite web |date=2025-06-04 |title=Stop Killing Games' EU initiative hits 1.4 million signatures |url=https://www.pcgamer.com/gaming-industry/game-development/stop-killing-games-eu-initiative-hits-1-4-million-signatures-and-if-at-least-1-million-are-valid-its-off-to-the-european-commission/ |access-date=2026-03-27 |website=PC Gamer}}</ref>.
A notable exception toi this change in policy was ''The Crew'' (2014), which required a constant connection even for its single-player campaign. When Ubisoft shut down ''The Crew'' servers on 31 March 2024, [[Ubisoft#The_Crew_shutdown|the game became permanently unplayable]]<ref name="vgc-crew">{{Cite web |date=2024-08-20 |title=Ubisoft says players suing over The Crew shutdown shouldn't have expected to own the game forever |url=https://www.videogameschronicle.com/news/ubisoft-says-players-suing-over-the-crew-shutdown-shouldnt-have-expected-to-own-the-game-forever/ |access-date=2026-03-27 |website=VGC}}</ref>. The shutdown prompted the "[[Stop Killing Games]]" European Citizens' Initiative, which demanded the implementation of laws that require publishers to leave games in a playable state<ref name="pcgamer-skg">{{Cite web |date=2025-06-04 |title=Stop Killing Games' EU initiative hits 1.4 million signatures |url=https://www.pcgamer.com/gaming-industry/game-development/stop-killing-games-eu-initiative-hits-1-4-million-signatures-and-if-at-least-1-million-are-valid-its-off-to-the-european-commission/ |access-date=2026-03-27 |website=PC Gamer}}</ref>.


== Network traffic analysis ==
== Network traffic analysis ==
Line 48: Line 48:
The complaint also cites Article 5(3) of the e-Privacy Directive (2002/58/EC), which requires user consent before accessing data from their device unless the access is strictly necessary to provide a service the user requested<ref name="noyb-complaint" />. Since ''Far Cry Primal'' has no online features, the data collection doesn't meet this threshold.
The complaint also cites Article 5(3) of the e-Privacy Directive (2002/58/EC), which requires user consent before accessing data from their device unless the access is strictly necessary to provide a service the user requested<ref name="noyb-complaint" />. Since ''Far Cry Primal'' has no online features, the data collection doesn't meet this threshold.


NOYB requested that the DSB declare Ubisoft in violation of Article 6(1), order the deletion of all unlawfully processed personal data, ban the unauthorized tracking, and impose an administrative fine. Based on Ubisoft's annual revenue of over €2 billion, the maximum fine under GDPR Article 83 would be approximately €92 million<ref name="noyb-press" /><ref name="register">{{Cite web |last=Vigliarolo |first=Brandon |date=2025-04-24 |title=Assassin's Creed maker faces GDPR complaint for forcing single-player gamers online |url=https://www.theregister.com/2025/04/24/ubisoft_noyb_complaint/ |access-date=2026-03-27 |website=The Register}}</ref>.
NOYB requested that the DSB declare Ubisoft in violation of Article 6(1), order the deletion of all unlawfully processed personal data, ban the unauthorized data processing, and impose an administrative fine. Based on Ubisoft's annual revenue of over €2 billion, the maximum fine under GDPR Article 83 would be approximately €92 million<ref name="noyb-press" /><ref name="register">{{Cite web |last=Vigliarolo |first=Brandon |date=2025-04-24 |title=Assassin's Creed maker faces GDPR complaint for forcing single-player gamers online |url=https://www.theregister.com/2025/04/24/ubisoft_noyb_complaint/ |access-date=2026-03-27 |website=The Register}}</ref>.


No public decision from the DSB had been reported as of early 2026.
No public decision from the DSB had been reported as of early 2026.
Line 56: Line 56:
Ubisoft responded publicly on 29 April 2025: "We are aware of the complaint and are looking into it. Ubisoft is committed to protecting players' personal data on our websites and games. For games that support offline modes, an Internet connection is required only at the initial launch."<ref name="eurogamer">{{Cite web |last=Phillips |first=Tom |date=2025-04-29 |title=Privacy firm files Ubisoft legal complaint over data collection, forced online in single-player games |url=https://www.eurogamer.net/privacy-firm-files-ubisoft-legal-complaint-over-data-collection-forced-online-in-single-player-games |access-date=2026-03-27 |website=Eurogamer}}</ref>
Ubisoft responded publicly on 29 April 2025: "We are aware of the complaint and are looking into it. Ubisoft is committed to protecting players' personal data on our websites and games. For games that support offline modes, an Internet connection is required only at the initial launch."<ref name="eurogamer">{{Cite web |last=Phillips |first=Tom |date=2025-04-29 |title=Privacy firm files Ubisoft legal complaint over data collection, forced online in single-player games |url=https://www.eurogamer.net/privacy-firm-files-ubisoft-legal-complaint-over-data-collection-forced-online-in-single-player-games |access-date=2026-03-27 |website=Eurogamer}}</ref>


NOYB's response noted that the advertised offline mode did not work for the complainant, and that the network traffic analysis showed data collection during gameplay, not only at launch<ref name="register" />.
NOYB noted that the advertised offline mode did not work for the complainant, and that the network traffic analysis showed data collection over longer periods, not only at launch<ref name="register" />.


== References ==
== References ==
Retrieved from "https://consumerrights.wiki/w/Ubisoft_in-game_data_collection_GDPR_complaint_(2025)"