GDPR Compliance Question

[Legonist]

So I thought I would just drop in to inquire if anyone here or even a developer knew anything about LOTRO's current status on its GDPR (General Data Protection Regulation) for the European Union. As LOTRO does operate in the EU they would have to be GDPR compliance by the deadline which is May 25th. I just thought I would ask as not all people are aware of the situation and infringing on GDPR provisions can come with fines that do reach into the Millions of Euros (i want to say its like 10 Million at the lowest but short of siting non GDPR websites I cant give a specific number). I haven't payed specific attention to the forums in the past months as I am on another hiatus but as someone who keeps up to date on cybersecurity news I thought I would just drop in and inquire on this topic.

[Yarbro]

So I thought I would just drop in to inquire if anyone here or even a developer knew anything about LOTRO's current status on its GDPR (General Data Protection Regulation) for the European Union. As LOTRO does operate in the EU they would have to be GDPR compliance by the deadline which is May 25th. I just thought I would ask as not all people are aware of the situation and infringing on GDPR provisions can come with fines that do reach into the Millions of Euros (i want to say its like 10 Million at the lowest but short of siting non GDPR websites I cant give a specific number). I haven't payed specific attention to the forums in the past months as I am on another hiatus but as someone who keeps up to date on cybersecurity news I thought I would just drop in and inquire on this topic.

All they have to do is copy what FarceBook has done, and announce everybody is their own Data Compliance Officer, responsible for their own data.

(No, this isnt a joke; yes it is a farce; no, I am not making it up).

[Dinara]

All they have to do is copy what FarceBook has done, and announce everybody is their own Data Compliance Officer, responsible for their own data.

(No, this isnt a joke; yes it is a farce; no, I am not making it up).

So basically, if someone posts personal information that a website has asked for, and that website gets hacked, it's the persons own fault for answering the question in the first place?

[Legonist]

All they have to do is copy what FarceBook has done, and announce everybody is their own Data Compliance Officer, responsible for their own data.

(No, this isnt a joke; yes it is a farce; no, I am not making it up).

I mean Facebook is still hiring their own Data Protection Officer who's duties entail "The Data Protection Officer will, in accordance with Article 39 of the GDPR, be responsible for, among other duties. Monitoring compliance with the GDPR, European and national data protection laws and Facebook policies, including conducting regular internal compliance checks. Consulting and engaging with relevant Data Protection Authorities, including ensuring regular briefings and maintaining accurate and up-to-date records demonstrating Facebook’s GDPR compliance" but as a long document I am sure GDPR has many loopholes.

[Beorthnoth]

Some of the personal data held falls into the category of essential for operations - that being the data needed to allow an account to be set up. That data doesn't need a user opt-in under GDPR. I would imagine they would need to get opt-in consent for sending e-mails etc.

[Macdui]

I hope this will mean the WBs "new game out" spam emails I get will stop. I don't want to know anything about their games. I can un-sub for that game but all my attempts to get removed from WB Games entirely have failed.

We are supposed to be in this new big data AI world yet they can't take a hint. If you buy something you get targeted for the item you already have now. I clicked on an official streamer's channel and I'm paranoid I'm going to get dressing up sims games spam... arrrggh

Not sure SSG is even interested in our data (or opinions). Not sure about Daybreak and their Terms and Conditions, did I even read them?

I imagine the lawyers are happy. Contract and ToC changes fees or litigation, win win.

Mac

[Yarbro]

I mean Facebook is still hiring their own Data Protection Officer who's duties entail "The Data Protection Officer will, in accordance with Article 39 of the GDPR, be responsible for, among other duties. Monitoring compliance with the GDPR, European and national data protection laws and Facebook policies, including conducting regular internal compliance checks. Consulting and engaging with relevant Data Protection Authorities, including ensuring regular briefings and maintaining accurate and up-to-date records demonstrating Facebook’s GDPR compliance" but as a long document I am sure GDPR has many loopholes.

They have to, the new law requires it; however a recent privacy update they released does put the onus entirely on the users to police their own data; I read the news report on a couple of different news sites a few weeks ago - where they tore it to shreds.

BTW, When Farcebook say they will give you copies of the data they have collected on you - apparently it is only the data THEY have collected, they are not releasing the data they have BOUGHT from, or had shared by, 3rd parties. THAT came out a couple of days ago.

[Cordovan]

We intend to meet the GDPR requirements by the deadline.

[Valamar]

I hope this will mean the WBs "new game out" spam emails I get will stop. I don't want to know anything about their games. I can un-sub for that game but all my attempts to get removed from WB Games entirely have failed.

Interestingly, it seems that WB games itself no longer exists.

"wbgames.com" is a dead website, referring you now to www.warnerbros.com and www.harrypotter.com!

I guess their Game of Thrones cratered as quickly as did that other MOBA disaster that Turbine developed for them.

[Macdui]

Thanks for that

Finally we're back to the old run of the mill hackers to worry about and the corporate ones aren't an issue.

Yeah, right.

Mac

[Derquin]

We intend to meet the GDPR requirements by the deadline.

Since the deadline isn't that far in the future anymore I hope you are still on track for it.

[Dinara]

Since the deadline isn't that far in the future anymore I hope you are still on track for it.

According to the announcement about server maintenance on Wednesday, they are doing it then.

[Derquin]

According to the announcement about server maintenance on Wednesday, they are doing it then.

Just seen it. This time I'm quite happy about maintenance downtime given the alternative.

[LabadalofDorlomin]

I hope this will mean the WBs "new game out" spam emails I get will stop.

Under this ruling, if you ask them to remove you from mailing lists, they now HAVE to comply. (Action on your part is the key here)

It will likely remain the same as before with regards to "accept the terms of conditions - click here" and you will be auto enrolled in a whole host things your personal data really shouldn't be without your complete understanding. The difference is now, if a company follows the rules, you have the right to have your non essential data removed and all essential data only used for the purposes for which the company needs to control your account.

So, on the 26th fire over an email to whom it is and cross your fingers

[Thurallor]

Under this ruling, if you ask them to remove you from mailing lists, they now HAVE to comply. (Action on your part is the key here)

Of course that doesn't prevent the other companies from spamming you -- the ones who bought the e-mail list before you ever received an e-mail.

[Yarbro]

Of course that doesn't prevent the other companies from spamming you -- the ones who bought the e-mail list before you ever received an e-mail.

I am getting emails from people I have NEVER heard of before, asking me to confirm email settings for GDPR.

Slovakian Tourist Board anyone?? Getting repeat emails every few days despite never ever having any interest in the country.

[Arabani]

I hope there will be no changes, no additional difficulties or agreements for non-EU citizens.

[Thorondir]

Of course that doesn't prevent the other companies from spamming you -- the ones who bought the e-mail list before you ever received an e-mail.

for selling your email they would have needed your explicit agreement. if they dont have it, they are not in compliance with the GDPR which aint good for them.

[Yarbro]

It must be D Day, woke up to find my InBox full of requests, most from companies I havent had dealings with in years, some in decades; and one ISP whom I told to "Go Forth and Multiply" many years ago. If THEY contact me again, I will gleefully report them in the hope they get fined out of existence.

[Altair6]

"In other words, if the business had consent to communicate with you before GDPR, that consent probably carries over, and even if it doesn’t carry over, there are five other reasons a company can cite for continuing to process data.

What’s more, Vitale said, if the business really does lack the necessary consent to communicate with you, it probably lacks the consent even to email to ask you to give it that consent."

After reading this opinion on all these emails in The Guardian I'm finding them all rather amusing.

https://www.theguardian.com/technolo...al-say-experts

[djheydt]

It must be D Day, woke up to find my InBox full of requests, most from companies I havent had dealings with in years, some in decades; and one ISP whom I told to "Go Forth and Multiply" many years ago. If THEY contact me again, I will gleefully report them in the hope they get fined out of existence.

Heh. Why do I get the feeling that what you actually told them was couched in shorter words?

[Nymphonic]

It must be D Day, woke up to find my InBox full of requests, most from companies I havent had dealings with in years, some in decades; and one ISP whom I told to "Go Forth and Multiply" many years ago. If THEY contact me again, I will gleefully report them in the hope they get fined out of existence.

Heh. Why do I get the feeling that what you actually told them was couched in shorter words?

You two remind me of America Online in the 90s. I canceled my membership with them, and ended up having to change my bank account number because they kept charging me. And I ended up telling them to "Go Forth and Multiply" when they kept sending me letters saying I owed them money....

[Yarbro]

Any shorter version would get censored.

These days I might say "tomada", on the basis that PuTongGua swear words written in Pinyin are unlikely to be noticed.

[Trendafil]

LOTRO Store now asks us to give consent to their processing our personal data. (At the bottom of the page, when you open the store.)
The consent contains - among many others - these interesting lines:

"3) Xsolla may process my personal data: a) to provide me with targeted advertising and b) to perform profiling.
4) Xsolla may disclose my personal data to the third parties and may transfer my personal data to the countries where these third parties are located (including the third countries) so that these third parties may process my personal data: a) for conventional direct marketing and other forms of marketing or advertisement, b) for marketing research, c) to provide me with targeted advertising and d) to perform profiling.
“Personal data” means:
my identity and contact details: date of birth, age, sex, nickname, proile picture, address, postal code, billing information;"


What happens when I click "disagree" in the in-game store?

[Altair6]

GDPR noncompliance complaints have started already.

"Across four complaints, related to Facebook, Instagram, WhatsApp and Google’s Android operating system, European consumer rights organisation Noyb argues that the companies have forced users into agreeing to new terms of service, in breach of the requirement in the law that such consent should be freely given."

https://www.theguardian.com/technolo...onsumer-rights