Penny’s Big Breakaway

snackerfork Feb 23, 2024 @ 1:01pm
Clarification on telemetry/data harvesting behaviors
In another thread about the game’s privacy policies, there’ve been a number of claims that Penny’s Big Breakaway has multiple EULAs because it's collecting data, and that it's collecting data from places that it shouldn’t, like emulator folders and OneDrive folders.

After researching myself by forcing the game to crash (this is pretty easy to do by rapidly swapping resolutions, especially by using both a keyboard and a controller simultaneously), discussing this further with other people on Discord servers I’m in, and checking Process Monitor while the game is running, I feel fairly confident in saying that the claims about this game collecting data are partially true, but are unlikely to be malicious.

I can say for sure that the game is reading files and folders that it shouldn’t. When I ran Process Monitor without crashing the game, I didn’t see anything out of the ordinary. But when I crashed the game, Process Monitor reported that it was doing a bizarre CreateFile operation on a public folder in my NAS, and a person on a server I’m in saw my crash dump had the names of text files in my Documents folder and even a part of my non-steam email address. Which is definitely alarming!

Without developer tools, it’s not really possible to do anything but conjecture (and the person I spoke with acknowledged they’re not an expert), but my suspicion and theirs is that the game was left configured for development and debugging, so debugging functionality that scanned the entire filesystem wasn’t turned off. Here’s what they said:

“ok yea after looking at that: just conjecture on my part but i think this is just a crashdump configured for a dev environment and not an end user one?? i dont think its malicious but i def dont think it should be snooping for some of this info lol

mostly its just weird pointers to text files and dll's”

This is also supported by the crash dump having a “Jenkins_remote” environment path, specifically pointing to: C:\Jenkins_remote\workspace\Project Yo\ProjectYo Steam\EXE\ProjectYo Steam.pdb. Jenkins is automation software used by software developers for purposes such as debugging and analysis.

This is still speculation until the developers release any statement, but it seems more likely to me that the game is collecting more data than it should by mistake instead of for malicious purposes, and that the EULA is boilerplate publisher legalese that exists to legally protect the publisher from these scenarios rather than forcing you to “consent” to data harvesting.
Last edited by snackerfork; Feb 23, 2024 @ 1:06pm
Showing 1-15 of 25 comments
favtabby Feb 23, 2024 @ 1:31pm 
there's also not really reason to believe that the publisher or developer is collecting the data, it's just being collected in the crashdump file which afaik only the user has access to. I don't think there's much to worry about here unless you post the crashdump online.

also I think it's likely that all the EULAs at the start of the game are just a requirement from the publisher end to cover all of their bases, it isn't necessarily a sign that the game is actually collecting and sending your personal data. pretty sure that if it did it would have to ask for your permission and let you opt out cause of GDPR.
Last edited by favtabby; Feb 23, 2024 @ 1:39pm
snackerfork Feb 23, 2024 @ 2:03pm 
Yeah, that's my feeling as well, and this is a good example of why they have those. If they didn't have all that legalese you have to agree to, someone could arguably attempt to sue if they could claim that the accidental data collection caused them damages (especially if it was automatically sent to the developer as part of debugging.)

Which doesn't actually justify EULAs, which are questionably enforceable regardless, but that would be the publisher's perspective on it.
Last edited by snackerfork; Feb 23, 2024 @ 2:04pm
SneakyBeat Feb 23, 2024 @ 2:06pm 
Guess I'll avoid my refund request for now. Still not playing further until some bugs get squashed.
eispfogel Feb 23, 2024 @ 8:47pm 
I also don't think they are malicious and that the collection is like you said - some misconfigured log collection. But still... after so many disclaimers when starting the game... I had a bad feeling :/

We will see what happens. Meanwhile... I will play this on other platforms (I wish it would also be on PS4...)
Fubuki Feb 24, 2024 @ 6:23am 
It's one thing when a game grabs data secretly without your knowledge, but the very first EULA that pops up specifically states it WILL grab any data on you it can find and sell it to third parties. Not something I'm willing to support.
snackerfork Feb 24, 2024 @ 12:45pm 
Originally posted by Fubuki:
It's one thing when a game grabs data secretly without your knowledge, but the very first EULA that pops up specifically states it WILL grab any data on you it can find and sell it to third parties. Not something I'm willing to support.

As others have discussed that would be a gigantic violation of the GDPR and would get them fined millions. Haven't you noticed that every website you use requires you to explicitly consent to cookies and offers an option to disable "non necessary" cookies? That's GDPR.

GDPR is even stricter about children (defined as those 16 or under) and this game is both available to and marketed to much younger children. The EULA exists to, VERY questionably considering it is unclear as to if they are legally enforceable, protect them from being sued in case this collected debug data *was* sent out accidentally.

But there is zero chance that this is happening intentionally, for reasons stated above (the data isn't collected at runtime and is attached to a vestigial debug software environment path so it is unlikely to be automatically transmitted) and increasing EU privacy regulation such as GDPR.
Last edited by snackerfork; Feb 24, 2024 @ 12:58pm
snackerfork Feb 24, 2024 @ 1:25pm 
GDPR Article 7, Recital 32:

"1. Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.

2. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data.

3. Silence, pre-ticked boxes or inactivity should not therefore constitute consent.

4. Consent should cover all processing activities carried out for the same purpose or purposes.

5. When the processing has multiple purposes, consent should be given for all of them.

6. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided."

The in-game privacy policy (which is what data is covered by, NOT the EULA which defers to the privacy policy) would certainly fail 3 because this is a "pre-checked box" with no option to continue without accepting. It would likely fail 5 because there is only one "accept" box, and 1 because it is not informed or unambiguous (due to 5).

Recital 42:

"5. Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment."

There is no available option to refuse consent or an ability to withdraw in game. An email doesn't count, it has to be accessible.

Article 8:

"1. Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. 2. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child."

Point A of Article 6 states data processing is lawful if "the data subject has given consent to the processing of his or her personal data for one or more specific purpose." This game is marketed towards and available to children and makes no effort to seek authorization from a parent or guardian.

This is all to say that while 2K could be selling your data, they'd also be putting themselves in legal hot water. Privacy online is a nightmare but there's no *more* rational reason to be concerned about the EULA and privacy policy in this game than, say, your usage of Steam, your web browser, Youtube, or your phone.
Last edited by snackerfork; Feb 24, 2024 @ 1:27pm
valcan_s Feb 24, 2024 @ 3:15pm 
Don't you think the developer, community manager or even publisher should have said something by now? I love to support indie shops, early access and anyone that needs help but this is really disappointing that we have had no communication on the matter.

Having said that, I have over 1000 games in my library and there is no other game that has this many EULAs and they don't keep on popping up each time you play, let alone do anything this game is doing with your files. On the indie side I can easily say the majority don't even have a EULA, so this is a really odd situation and we should be concerned.

I really hope the devs don't know about this and it was part of the deal cause that is a really sh-ity way to begin their portfolio post Sonic Mania.

Still holding on before I refund it but I won't play it till someone clarifies the matter. The clock is ticking till I reach the 13 day mark.

Will see hey.
snackerfork Feb 24, 2024 @ 4:18pm 
I agree it's concerning but I genuinely think the best approach for your concerns is to email or contact the developers. I'm not sure they're reading the Steam forums currently which is part of why I'm kind of playing armchair community manager here...

The devs almost lost their livelihoods due to Sega which is why I care this much. Please give them a fair shake when Take Two is the cause and this seems to be accidental and not malicious.
favtabby Feb 24, 2024 @ 4:53pm 
While the developer Evening Star is indie, the publisher of this is the furthest thing you could get from indie. Private Division is a branch of Take Two, the parent company of 2K and Rockstar. And they're the reason that the EULAs are included. Penny's Big Breakaway is far from the only game that makes you agree and scroll through a bunch of legal text, mainly cause the legal departments of big companies like Take Two tend to want to cover as many bases as possible even when it isn't necessary.

And the EULAs for this game aren't actually for the ways in which the game may collect data, but rather for the ways in which Take Two may collect data. And that includes things like logging into Take Two's website, their website using cookies to collect data, any information you might send when talking to customer support etc. The terms of service in the game do specifically explain that they are including stuff like that.

Basically, the terms of service aren't for the game Penny's Big Breakaway, they're for using any Take Two product, and it's covering the bases for any way shape or form Take Two might collect data in or outside this specific product. It's Take Two's terms of service, not Penny's Big Breakaway's terms of service, after all.

By the way, they did do the work to make the game comply with GDPR rules. The game's time attack mode collects your Steam name and stage time to post it online, and the game asks you to let it post that information online before it does it. And you can then still toggle it on/off in the game's options.
Last edited by favtabby; Feb 24, 2024 @ 5:00pm
snackerfork Feb 24, 2024 @ 5:34pm 
Also worth mentioning a game like this generally can't survive without a publisher. Indie games that are successful without publishers are a *huge* exception. Games are expensive and difficult to make and have very long development times and the people who make them have livelihoods all the while.

Please try to be sympathetic to the developers when their contract puts Take-Two's EULAs and privacy policy out of their hands.
Last edited by snackerfork; Feb 24, 2024 @ 5:35pm
Fubuki Feb 25, 2024 @ 6:49am 
Originally posted by snackerfork:
Please try to be sympathetic to the developers when their contract puts Take-Two's EULAs and privacy policy out of their hands.
I'll be more sympathetic when they actually comment on it, I'm not going to just blindly trust Take-Two to do the right thing without any confirmation, especially when we know the game is already scraping your filesystem and ram (for debugging purposes?).

That said, I really want to support Evening Star, they have shown they can make some really amazing and unique games and are just extremely talented at what they do. I'll be keeping an eye out for a statement as to what exactly is going on, but until then I can't support this.
L.Brown Feb 25, 2024 @ 1:49pm 
Thanks for bringing this to my attention, because of that unfortunately the game has become a no-go for me...
Hunter Bridges (ES)  [developer] Feb 26, 2024 @ 10:34pm 
Hi everybody, thank you for your patience.

My name's Hunter Bridges, I'm the Game Director of Penny's Big Breakaway. I also served as the Technical Director. I work with my colleague Christian to build the engine of the game, and also guide our engineers in building out the rest of the game logic. I have a clear idea of what code is contained within the application.

There have been several concerns expressed here. There are also concerns expressed within Steam reviews. Thanks for your patience. This week we are going to be taking the time to respond to various concerns from the community.

(Also apologies if I don't have the developer badge yet on my Steam profile. We were working to get that set up today and I'm not sure if it went through. I'm also on Twitter as @HunterBridges)

OK so first, let's talk about the EULA and other Legal Agreements you have to agree to on first boot.

Since our game was published by Private Division, who is indeed part of Take 2 Interactive, we are obligated to abide by the same requirements as all of Take 2's titles and use their standard agreement language. We are required to have the EULA, Privacy Policy, Terms of Service, and a Photosensitivity Warning.

You can find the verbatim text for the agreements on Take 2's website, and you'll find it's the same as the text in the game:

https://www.take2games.com/eula/en-US
https://www.take2games.com/privacy/en-US
https://www.take2games.com/legal/en-US
https://www.take2games.com/photosensitivity/en-US

So those agreements are what they are. If you have specific issues or questions regarding the language, I suggest you contact them. Evening Star has no control over the contents of these agreements.

There are also users who are reporting having to accept the legal terms on every boot. If that's happening to you, that's a bug, so please provide us more info if you're hitting it.

Next, let's discuss telemetry gathering and concerns of data scraping.

We do not have any data telemetry instrumentation in the game. If any title collects player telemetry, it must comply with GDPR data warehousing regulations.

We use platform services for features like cloud saves, leaderboards, achievements, rich presence, etc. Each version of the game (Steam, Switch, PS5, Xbox) uses service back-ends provided by each platform. Evening Star does not store this data ourselves.

If a user were to run a packet sniffer on the application, the results should line up with what I'm saying here.

OP mentioned having a Crash Dump being created in a NAS folder when the game crashed. The Crash Dump handler is actually open source third party code. Here are links to two places in the code that tap the file system:

https://github.com/beefytech/Beef/blob/master/BeefySysLib/platform/win/CrashCatcher.cpp#L579
https://github.com/beefytech/Beef/blob/master/BeefySysLib/platform/win/CrashCatcher.cpp#L1224

We write our game logic in a new programming language called Beef (www.beeflang.org).

The Windows platform runtime adapter for Beef provides this Crash Catcher which attaches to a SIGABRT and lets the user save out a mini crash dump. It's handy for debugging purposes; we have this so players can send us crash dumps if they run into crashes or critical issues.

The behavior of the Crash Catcher assumes your default path to be a local directory. It is possible that if a file was saved on the NAS before the crash event, the previous file path could have carried over and the crash dump was saved to the NAS path.

Also, the CrashCatcher module is a tool to help us address bugs, but it is not necessary. If the community overwhelmingly opposes its inclusion, we are happy to remove it.

I know there is a lot of concern around data privacy. We treat player privacy seriously. We are also very aware of the responsibilities for parties who harvest and warehouse data. We don't collect telemetry, we don't want to harvest your data.

I hope this explanation clarifies a few things, and also confirms our intent regarding data.

Thanks also to everybody for supporting Evening Star and enjoying the game.
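
An added example, not part of the thread and not Evening Star's or Beef's code: a Python check to run on a crash dump before sending or posting it, listing the kinds of strings the first post describes finding (an email address, file names under the user folder, a network share path, the build machine's PDB path). The sample bytes, the `alice` account and the `nas01` share are constructed for the demonstration; the PDB path is the one quoted in the first post.

```python
import re
import sys

# Printable runs in the two encodings a Windows process keeps strings in.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

NAME = r'[^\\/:*?"<>|\r\n]+'  # one Windows path component (spaces allowed)
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"),
    "user_profile_path": re.compile(rf"[A-Za-z]:\\Users\\{NAME}(?:\\{NAME})*", re.I),
    "unc_path": re.compile(rf"\\\\[A-Za-z0-9._-]+\\{NAME}(?:\\{NAME})*"),
    "pdb_path": re.compile(rf"[A-Za-z]:(?:\\{NAME})+\.pdb", re.I),
}


def extract_strings(data: bytes):
    """Yield every printable ASCII and UTF-16LE run of 6+ characters."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.group().decode("utf-16-le")


def scan_dump(data: bytes) -> dict:
    """Return {category: sorted unique hits} for strings that identify a user or machine."""
    if data[:4] != b"MDMP":  # minidump files start with this signature
        raise ValueError("not a Windows minidump (missing MDMP signature)")
    hits = {name: set() for name in PATTERNS}
    for text in extract_strings(data):
        for name, rx in PATTERNS.items():
            hits[name].update(m.group() for m in rx.finditer(text))
    return {name: sorted(found) for name, found in hits.items()}


def build_sample() -> bytes:
    """Constructed stand-in for a .dmp file: signature plus strings like those in the thread."""
    sep = b"\x00\x01\xff\xfe"  # non-printable filler between strings
    parts = [
        b"MDMP\x93\xa7\x00\x00",
        rb"C:\Jenkins_remote\workspace\Project Yo\ProjectYo Steam\EXE\ProjectYo Steam.pdb",
        r"C:\Users\alice\Documents\notes.txt".encode("utf-16-le"),
        b"alice@example.com",
        r"\\nas01\public\crash.dmp".encode("utf-16-le"),
    ]
    return sep.join(parts)


if __name__ == "__main__":
    # Pass a path to a real dump, or run with no arguments to scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample()
    for category, found in scan_dump(blob).items():
        print(f"{category}: {len(found)} hit(s)")
        for item in found:
            print(f"  {item}")
```

A dump includes regions of process memory, so an empty report narrows the risk but does not show the file is free of personal data.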
ChickenShred Feb 27, 2024 @ 3:52am 
So to be clear, the only software in the game that is collecting data is Crash Catcher/Beef right?