The European [url=https://gdpr-info.eu/]General Data Protection Regulation (GDPR)[/url] invokes ridiculously extreme fines and some very in-depth restrictions that are probably going to affect MWM and City of Titans. Does MWM intend to comply with it?
[hr]I like to take your ideas and supersize them. This isn't criticism, it is flattery. I come with nothing but good will and a spirit of team-building. If you take what I write any other way, that is probably just because I wasn't very clear.
I'd have to assume MWM will "comply" with that as much (or as little) as other comparable MMOs that exist today do. Any uniquely specific reason/issue you're concerned about in MWM's case?
CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]
For one thing, this entire Forum might have to be completely scrubbed and deleted off the servers. I know for a fact that there is Personally Identifiable Information all over it. Especially in the volunteer threads, the art posted by people, etc., etc.; and that's not even going into the Backers data, and all the other info that MWM might be keeping.
Here is a twitch stream that City State Entertainment is currently broadcasting as I write this, and it is a good watch for people who want to know the answers to question just like what you asked. CSE started as a Kickstarter about the same time as MWM and is about to go into Beta Testing with Camelot Unchained, so it is a good estimate of the issues at stake.
https://www.twitch.tv/videos/265442181
[hr]I like to take your ideas and supersize them. This isn't criticism, it is flattery. I come with nothing but good will and a spirit of team-building. If you take what I write any other way, that is probably just because I wasn't very clear.
Why would anything on this forum have to be scrubbed because of a EU law? MWM is based in the US. What am I missing?
Compulsively clicking the refresh button until the next update.
Well it would obviously suck if this forum had to be wiped but it wouldn't be the end of the world. And if worst really came to worst MWM can simply concede having any "official European presence" and be a US-only based game. *shrugs*
CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]
Yeah I'm kind of missing that point as well.
CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]
Somewhat personal data, and reveals of relationships, but I feel that a person who wanted to know who we are would have to search through all of the sources, like DA and other sites, to make connections. The forum software/database would clearly have personal information, in order to connect with us users, which might not be completely secure from external threats, but I'm not so worried about that. Volunteer thread, of course, has personal information.
I know the personal names of some of the forumites, although I avoid exposing that data in my posts. I know that some of the forumites know My personal name, but I'm not worried about them selling that info.
Be Well!
Fireheart
Then you'd better read up on it. The GDPR cares not whether the business is in Europe or even has any European ownership. What it cares about is whether any data subjects are European. It is written to protect European citizens from internet businesses who practice poor data security. By the way, "Data Subject" is legalese for "person".
What I don't understand, or condone, is the fact that I posted a link to a livestream where all these questions are asked and answered, and I posted a link to the text of the law itself, and yet people still refuse to educate themselves before they post what they surmise will be. I guess purposeful deliberate ignorance is just one of my pet peeves. [/rant]
[hr]I like to take your ideas and supersize them. This isn't criticism, it is flattery. I come with nothing but good will and a spirit of team-building. If you take what I write any other way, that is probably just because I wasn't very clear.
I agree with Lothic. Might even be better for MWM to stay a US-only venture, at least until it is more established and has the revenue to appropriately deal with issues like this that would require a, potentially, full-time lawyer.
Obviously that would be a shame for those outside the US, I know I would be bummed, but for a volunteer start-up that would probably be the best course of action.
Compulsively clicking the refresh button until the next update.
I would likely politely tell such a "foreign regulatory body" to pound sand. If the only way MWM could run CoT without being fined by a foreign party (assuming such fines were actually enforceable) would be to cut off all ties with any European operations and even prevent Europeans from playing the game I'm sure MWM would/could reluctantly do that. It would seem that in this case the GDPR would "protect" its citizens so well that they'd be protected from playing a game as well. Their loss.
Frankly I don't think any of this would come to that regardless. Worst case scenarios are worth considering but they shouldn't be considered "sure things". *shrugs*
CoH player from April 25, 2004 to November 30, 2012
[IMG=400x225]https://i.imgur.com/NHUthWM.jpeg[/IMG]
This is all largely a moot point and can be deflected with a proper privacy declaration which can absolve MWM of the ramifications of misuse of any data used from their websites. The matter of financial data is where this truly matters most. I’m sure they have already considered the needs in this matter which they have yet to even require the need for.
This does not apply to data mining personal information freely given in an open forum. Those things are at the users discretion or lack thereof to provide and do so at their own risk.
And your twitch link didn’t work for me. Dead video.
"A sad spectacle. If they be inhabited, what a scope for misery and folly. If they be not inhabited, what a waste of space." ~ Thomas Carlyle
Companies do not like to mess with the EU since they represent such a large economic power base. The laws they create are not always thought all the way through. In my experience, if there is no standard, the EU will enact the first regulation/standard/law that comes across their desk to set precedent (mostly to cover themselves no matter how incomplete or flawed it might be). Then you have to comply with their ruling or fight like hell for years to get things to change. Economic leverage is what is at play here.
If you simply tell the EU to sit and spin they will just prevent you from doing business in the EU. It is that cut and dry.
"Just, well, update your kickstarter email addresses, okay? Make sure they're current?" - warcabbit
EU doesn’t have any legal jurisdiction/authority outside of the EU. Most likely the only things they can do (for companies not based in the EU) are complain to the country where the servers are based, and threaten to (or actually) block the servers until the company complies with their shiny new law.
Man, that would be sweet!
[img]https://media1.tenor.com/images/5b872ee791c8822bf37812e3a3847266/tenor.gif?itemid=3475527[/img]
The EU is either going to only go after the big fish, or exhaust themselves silly going after a huge chunk of the vast internet to the point that they’re unable to effectively enforce their rules on anyone. I’m not saying MWM has nothing to worry about, but they probably don’t.
Not that I dislike what the EU is trying to do. But I don’t think they can really do it.
I feel like it’ll be like those FBI warnings you see at the start of a movie. Not completely unenforceable but rarely enforced, unless someone’s making a lot of trouble in flouting them.
Also, it was specifically written such that a disclaimer is not going to be enough, otherwise that's all businesses would implement and then continue as they have been. No, the EU was quite deliberate that they actually wanted security to change, not just continue business as usual with worthless disclaimers attempting to protect their asses while all their customers' PII is hacked.
I just re-verified the link. It is accurate. I even verified it as a logged-out viewer, just in case it was hidden behind my permissions as a backer for the game. Nothing is stopping you from searching for [i]City State Entertainment[/i] or [i]Camelot Unchained on Twitch[/i] and finding it yourself.
[hr]I like to take your ideas and supersize them. This isn't criticism, it is flattery. I come with nothing but good will and a spirit of team-building. If you take what I write any other way, that is probably just because I wasn't very clear.
Frankly, the EU can take a hike for all I care. MWM can stay local to the US and EU members can come to us. If we are blocked in the EU...oh well. We have the whole rest of the world to do business in.
[img]https://s15.postimg.cc/z9bk1znkb/Black_Falcon_Sig_in_Progess.jpg[/img]
As soon as MWM has one European citizen or even a non-citizen who is visiting the EU and who then accesses the MWM data control system, they are then under the jurisdiction.
Therefore, it might be that MWM has to implement IP blocking to avoid anyone in the EU from accessing.
And that would really suck, because www.TitansCity.com is the most kickass fan site there is.
[hr]I like to take your ideas and supersize them. This isn't criticism, it is flattery. I come with nothing but good will and a spirit of team-building. If you take what I write any other way, that is probably just because I wasn't very clear.
Oh I agree a satisfactory level of security is called for but I don’t think what they have written will supersede any earnest approach to security coupled with an adequate disclaimer, which any company would be fools not to employ I simply don’t see them effectively enforcing this beyond that.
Ok block what you can there are ways around it and frankly all that does is piss off the European constituency of any website. It doesn’t really stop anything if people really want around it. And beyond blocking a website/domain I don’t see the EU going after any small company over this should one get hacked by an organized threat which I find unlikely in MWMs case. No offense to MWM.
Besides I don’t think any American court will regard an earnest attention to security as criminally negligent, nor do anything to assist in prosecution of this EU law. This is meant to cause the major corporations to pursue solutions to data theft which I don’t see happening for some time. Should the big players do so then soon after all companies will eventually benefit from it.
The companies thus far that have suffered the most from security issues/laws are the big ones that drop the ball, and by big I mean publicly traded.
Gotta take it with a grain of salt until some real action/fallout is actualized. Maybe I’m all wrong. Time will tell.
"A sad spectacle. If they be inhabited, what a scope for misery and folly. If they be not inhabited, what a waste of space." ~ Thomas Carlyle
more likely it would be up to the EU to block IPs. MWM can put in the EULA that it is forbidden to access COT from the EU. MWM doesnt have to do the EU's job.
Well - it really comes down to how different the EU laws will be from MWM's internal plans I suppose, and if they are different just [I]how[/I] different.
I really don't think they could or should just flippantly ignore it because
a) the EU is a big market that also houses a population of CoX ex-pats, and
b) such consumer protections may start to become more common in the future, especially with the recent kerfluffles in the social media space (or even concerns with those new-fangled home assistants).
"Siri, let's play City of Heroes!"
"Okay, but I'm playing a villain."
Be Well!
Fireheart
That’s not Siri’s response at all LOL
Siri plays a metal song titled City of Heroes when you say that (just tested) :D
Few things.
1) EU law absolutely can affect things globally, because many large tech companies that we think of as being US, are actually Irish. The "double-Irish" was a tax loop-hole that allowed them to pay basically nothing to either the US or Ireland. However, when the "double-Irish" loophole was closed, companies still kept moving there. Apple. Google. Facebook. These are just a few companies with major headquarters in Ireland, and thus, the EU.
2) The law, from what I've read on the document today, doesn't seem like it'll affect MWM. The vast, vast, vast majority of the law is centered around collecting and selling/using personal information of clients to third parties for advertising/data mining/profiling/etc (what the law calls processing). I've never heard MWM say that a big part of their business model was to sell user data.
3) The consent thing is actually part of the law, so yes, they can have you simply click an "I agree" button. The main changes, compared to how things are now, are that a) the consent for processing must be separate and clearly stated (no burying it in fifty paragraphs of other stuff), b) the client can opt out of processing, and c) the client has to know WHO is doing the processing. So...if a client calls up and says "who has my data" you can't reply "third parties" you have to reply with the actual names of companies that have it. So, in case you were wondering, no, using an auto-pay system is not illegal under this law, neither is storing data for accessing characters in a game.
4) The only other part of the law that I thought could possibly affect this game is the "right to be forgotten." Again, this primarily affects processing. You can have your data removed from any processing operation if you want.
I'm pretty sure that's what you're referring to with the "scrub this forum clean" argument. However, after a second reading, I realized it's written as a right, not an obligation. The client has to ask for it. So, at most, this means that if a player calls up MWM and says "delete all my info" then they have to. But every game I've ever known has an account delete option already, so what does this change? Nothing. If they can delete their account, they can already delete all their info, and so MWM is already compliant as far as characters and such go.
The only possible problem I see is if someone wanted to get pissy and say "I hate ur game, delete all my stuff". You don't want to have to go sifting through the forum for all their posts where they may have put in some personal data. The best option would be for a deleted account to automatically cause all connected posts to vanish. This is how Youtube has always done it. However, an easier solution might be to set old, inactive threads to automatically go away. I think most forums already have that as an option.
I can't discuss this matter directly; it's being evaluated. We do have a formal privacy policy that is linked at the bottom of the public pages on this forum but if you want a direct link it is at:
https://cityoftitans.com/privacy-policy
We have team members on four continents at this time: North America, South America, Europe, and Asia so this is a matter of concern for us.
This is a personal reply and any comment or opinion does not reflect on any official policies of Missing Worlds Media, Inc., any of its subsidiaries or products.
-----------
[color=#FF0000]Senior Developer/Project Manager/Co-Founder... and then some.[/color]
The EU can't punish a US company other than to deny EU customers, and even then those customers could use a VPN if they want.
Also, the forum wouldn't have to be scrubbed. Us disclosing real life info online is different than a company sharing it. Otherwise I'd be going to countless European based forums posting "Hi, I'm Paul from Boston, enjoy your fines, turd nuggets!"
A law that allowed that would get scrapped immediately.
[color=red]PR Team, Forum Moderator, Live Response Team[/color]
I understand fully that you can't comment officially. I do hope it doesn't impact you too greatly, but if you ever needed an excuse to push the deadlines out, I suppose this would be a good one.
Just a quick search online is showing me all the companies that this has affected in the past 2 days. Even newspapers have chosen to block EU IP's until they can get things sorted out.
[hr]I like to take your ideas and supersize them. This isn't criticism, it is flattery. I come with nothing but good will and a spirit of team-building. If you take what I write any other way, that is probably just because I wasn't very clear.
Well there we have it then. MWM is aware and looking at it.