[bobis]

How much this affect the legality of hosting a game server? Even a vanilla server , without any databases to co-operate can store IP address data of all connected clients to a .log file, if you enable the logging via "log on" command in server.cfg. Are we obliged to introduce a MOTD or plugin that is exactly like all these "we have updated our privacy policy" and "we don't store your data like IP address for more than a week" and having players to accept it in order to keep playing on the server, otherwise disconnect?

[ASKER_CZ]

I store more than 700k unique players in my database including IP, city, steamID, steam name. No one gives a f*ck. Unless you are extra-known

[mlov420]

Quote:

Originally Posted by ASKER_CZ I store more than 700k unique players in my database including IP, city, steamID, steam name. No one gives a f*ck. Unless you are extra-known

This is a bad attitude to have if you're serving any players in the European Union and collect data on your players such as IP addresses, as well as make money from your servers. Failed compliance *can* result in criminal charges as well as fines up to 4% of your companies profits. 4% may not seem like much but there are potential criminal consequences as well and this is a very serious law going into effect for EU. This is why Valve, FaceIT, and every other company on the planet are now giving away countless bits of information they had stored on us because they had to get in compliance.

The 3 big points of GDPR for us server ops are:

- notifying players that data is being collected to personalize their experience
- giving them the option to consent or opt out
- having a clear way of customers (players) being able to contact you to receive ALL data you have collected on them.

Community owners need their website's privacy policies updated if they store any personal information on their players (IP address, among other things, falls into this category). If you serve ads of your own (adsense, for example), you will also need something similar to the 'Cookie Consent' slide up at the bottom of your page to notify that you and/or your third party advertisers are collecting data in order to personalize your ad or server experience.

You would also have to provide some kind of reasonable contact information (email address, for example) for players to be able to contact you and receive all of their stored information in a reasonable time frame.


It is highly unlikely many will be affected by this, but it definitely applies to most larger communities because they collect a lot of data and often serve their own ads. If your player base is mostly in EU, it is in your best interest to get in compliance. It only takes a few idiots to report you and cause you a problem. Save yourself the trouble. This went into effect May 25th so the game has already started. Google offers some great tips on getting your site into complaince. Google something like "Adsense GDPR compliance".

[bobis]

Quote:

Originally Posted by mlov420 This is a bad attitude to have if you're serving any players in the European Union and collect data on your players such as IP addresses, as well as make money from your servers. Failed compliance *can* result in criminal charges as well as fines up to 4% of your companies profits. 4% may not seem like much but there are potential criminal consequences as well and this is a very serious law going into effect for EU. This is why Valve, FaceIT, and every other company on the planet are now giving away countless bits of information they had stored on us because they had to get in compliance. The 3 big points of GDPR for us server ops are: - notifying players that data is being collected to personalize their experience - giving them the option to consent or opt out - having a clear way of customers (players) being able to contact you to receive ALL data you have collected on them. Community owners need their website's privacy policies updated if they store any personal information on their players (IP address, among other things, falls into this category). If you serve ads of your own (adsense, for example), you will also need something similar to the 'Cookie Consent' slide up at the bottom of your page to notify that you and/or your third party advertisers are collecting data in order to personalize your ad or server experience. You would also have to provide some kind of reasonable contact information (email address, for example) for players to be able to contact you and receive all of their stored information in a reasonable time frame. It is highly unlikely many will be affected by this, but it definitely applies to most larger communities because they collect a lot of data and often serve their own ads. If your player base is mostly in EU, it is in your best interest to get in compliance. It only takes a few idiots to report you and cause you a problem. Save yourself the trouble. This went into effect May 25th so the game has already started. Google offers some great tips on getting your site into complaince. Google something like "Adsense GDPR compliance".

All this info is good but for smaller communities which they have just a few TF2 or CSGO servers and not even a site (like mine), will they make a plugin that informs the player on join via pop up window or motd that their privacy data are kept for this reason etc, (exactly like the new pop ups like "we updated our privacy policy and we use your personal data like this") in order for game server owners having their mind in peace?

EDIT: I am thinking about a plugin that looks exactly like the "rules" one , if you don't accept it , you disconnect form the game server. Or just include these new GDPR info to already existed rules plugin?

[ghostofmybrain]

Here's what I don't get. Their data isn't being connected to personalize their experience. Everybody gets the same experience.

[mlov420]

Yeah but if you serve any kind of content through your own website (ads, youtube videos, etc..), there are built in trackers that are collecting data which is used to personalize content, and although you may not be storing the info or personalizing the content yourself, you are responsible for making opt-in/opt-out options available when that content is viewed on your domain. This is just on a basic level if you're using simple third party stuff that lots of people use.

But even if you're just storing IP addresses and stuff, that information still has to be made available upon request to EU players and you also have to have public notices that you are collecting this data.

The average community owner/website operator can get away with using Cookie Consent slide up ( https://silktide.com/tools/cookie-consent/download/ ) and slightly re-wording it. It's really those with large communities that have to take some extra measures.