Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
This topic has been locked 
Discussions Rules and Guidelines
Report this post
no, just enter it or get your stuff elsewhere.
if you have credit cards is irrelevant. enter where you live.
billing address is solely for taxes and other bureaucrazy/legal stuff.
there is precisely one city in the whole world collecting e-commerce taxes and that is chicago.
if your taxes are being collected on a national level then they need to know ... do you live in america, italy, or germany.
if your taxes are being collected on a state level then they need to know ... do you live in illinois, lombardia, or hessen.
if you live in illinois they need to know do you live in chicago.
and even if you lived in chicago it doesnt matter if it is on baker street or main street. the taxes dont change.
Well, there's something to be said about being proactive. After all how many more times do they want to update the system to gradually collect more information as laws continue to change? Also providing your full address does remove ambiguity about location.
And your address isn't super secret sensitive information when push comes to shove. If you're using a CC they've already got it. If using other forms of payment was your strategy for staying off the grid, well...
except in some places it IS against the law to collect information not strictly needed. in the EU for instance it is illegal for a company to collect more information than is needed as it is considered a privacy violation.
in no cases would your street address EVER matter. lets assume worst case, you live in chicago. chicago is the only city in the world, right now, taxing e-commerce. it doesnt matter if you live on baker or main street. you are in chicago. even in the single most extreme case there is NO POINT your address matters to the collection of e-commerce taxes
why is that a good thing?
they have to PROVE they need it. as per the law, the EU General Data Protection Regulation (GDPR), i dont have to give it. and more, legally asking is very questionable legally.
well for some things i have to give it. for others im not obligated to do so. your phone number isnt super secret sensitive info either. go on and post it for us...
see the point?
if im not obligated to provide it then why should i?
valve cant assure me what it will do with it in the future. division of motor vehicles in america issues drivers licenses and for years collected info on people to do so. legally. then the orwellian named Driver's Privacy Protection Act (DPPA) allowed them to sell all that data and suddenly places like california are selling it for pennies to just about anyone that wants it.
valve cant assure me they will keep said data safe either. no one can. in which case each piece of information shared online with ANYONE should be carefully considered. banks, websites, social media giants, major corporations, and even governments are routinely hacked and the data they have gathered is posted online or sold to criminals or both.
if you dont want to protect YOUR data thats ok, its on you. but dont try to argue i should give mine up.
its worked until now and i suspect it will continue to do so.
steam doesnt have the legal standing to request this information and eventually the eu is going to nail them for violating the law.
i realize you might be the kind that can be tracked around via your email, for instance. in a cascading chain find you on social media, find your name, find where you live, find your work, find your license plate, pull a credit report and criminal background report on you, etc. for you all that might just be the times you live in and normal.
to me its a sign of someone who hasnt precisely planned to fail but has completely failed to plan.
The other options don't really apply to Steam -- for example, the location of the bank account works as well, except that Steam doesn't access my bank account directly (I use PayPal, which accesses my bank account; Steam doesn't see that).
but the short version is they need TWO points of non contradictory info.
we say where we live is one
our ip address is a second
it also has access to either our bank account, credit card, or where we bought the steam card, etc as a third data point.
----------------------------------------------------------------------------
RiO 1 Feb @ 9:07pm
Originally posted by brian9824:
Originally posted by Danyael133:
The support send me this Link right now:
https://support.steampowered.com/kb_article.php?ref=6112-TDHB-4392&auth=99f0bf472b9f241cc83ba56baa54e257
Yep, in otherwords as its been said its for tax purposes.
No queue up the handful of armchair lawyers that will proceed to google snippets of various tax laws and codes with no context to claim that they are actually violating the law......
I actually prefer to cite the relevant articles of law directly from the law text that Valve themselves are citing. To avoid giving everyone a headache while attempting to read it, I'll point you to the more user-friendly HTML version[eur-lex.europa.eu] of the same law text for reference. (Compare the document IDs if you won't take my word for it.)
And now without further ado, where it all starts is Article 24b - as Steam is covered by electronically supplied services:
Article 24b
For the application of Article 58 of Directive 2006/112/EC, where telecommunications, broadcasting or electronically supplied services are supplied to a non-taxable person:
[...]
(d) under circumstances other than those referred to in Article 24a and in points (a), (b) and (c) of this Article, it shall be presumed that the customer is established, has his permanent address or usually resides at the place identified as such by the supplier on the basis of two items of non-contradictory evidence as listed in Article 24f of this Regulation.
So, let's move on to Article 24f:
Article 24f
For the purpose of applying the rules in Article 58 of Directive 2006/112/EC and fulfilling the requirements of point (d) of Article 24b or Article 24d(1) of this Regulation, the following shall, in particular, serve as evidence:
(a) the billing address of the customer;
(b) the internet Protocol (IP) address of the device used by the customer or any method of geolocation;
(c) bank details such as the location of the bank account used for payment or the billing address of the customer held by that bank;
(d) the Mobile Country Code (MCC) of the International Mobile Subscriber Identity (IMSI) stored on the Subscriber Identity Module (SIM) card used by the customer;
(e) the location of the customer’s fixed land line through which the service is supplied to him;
(f) other commercially relevant information.
So, Steam legally needs only 2 items of non-contradictory evidence.
Out of those that in particular shall serve as evidence, they always have your IP address.
And for most payment methods, they always have the necessary bank details. EU bank account numbers that follow IBAN have two-letter ISO country codes in them. BIC codes carry the same information.
That's two points of data covered.
Valve only needs a third in case they need to rebute a presumption of a customer's location:
Article 24d
1. Where a supplier supplies a service listed in Article 58 of Directive 2006/112/EC, he may rebut a presumption referred to in Article 24a or in point (a), (b) or (c) of Article 24b of this Regulation on the basis of three items of non-contradictory evidence indicating that the customer is established, has his permanent address or usually resides elsewhere.
However, the presumptions in question are all based on physical location of the provided electronic service; on the service being tightly coupled to fixed equipment or a landline; or on being tied to a specific mobile phone and its SIM data.
None of these could ever apply to Steam as a distance seller of digital content access via the open internet, so there is nothing to rebute and there will not ever be a need for a third item of evidence.
Period. End of discussion.
That brings us to the GDPR[eur-lex.europa.eu]. Specifically; to article 5, which codifies data minimization and the fact that if a data controller has multiple ways available with which they can within reasonable means fill their needs - whether those be legal requirement; legitimate interest or otherwise - then they are obliged to use the means that result in processing the least amount of personal data. This is partly clarified in recital 39 as well.
Article 5 - Principles relating to processing of personal data
1. Personal data shall be:
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
(39) (...) The personal data should be adequate, relevant and limited to what is necessary for the purposes for which they are processed. This requires, in particular, ensuring that the period for which the personal data are stored is limited to a strict minimum. Personal data should be processed only if the purpose of the processing could not reasonably be fulfilled by other means. (...)
Now, since Valve always have access to your IP address, because that's how your connecting to Steam, that's one item of evidence accounted for.
That leaves only one more. Valve usually also have access to bank account data via the payment transaction, or can get access to it with minimal effort. They'll either already receive it back via the payment confirmation sent to them from their payment provider, or they can query it from the payment provider, given a transaction ID.
So, only in the limited scenario where a payment method has no associated bank data, do they need to fallback on something else - like asking for a billing address.
In all other instances, the GDPR makes it so that they may not demand your billing address, because they already have other means available.
This doesn't quite cover everything though. Because even in aforementioned case of not having bank details available to them, they still can pick from "other commercially relevant information."
That term is not defined in the law text itself. But we can find its definition in accompanying explanatory notes[ec.europa.eu] as is usual with these type of complex directives:
9.5.1. What is covered by ‘other commercially relevant information’?
(...)
Some of the items which, depending on the circumstances under which the concrete business is conducted, could be used as ‘commercially relevant information’ are the following:
(1) Unique payment mechanisms – When a customer uses one of the methods of payment unique to a particular Member State, it provides accurate information identifying the Member State in which the supply was made. It could be taken as an indication as to where the customer belongs.
(2) Consumer trading history – When a customer has an established relationship with a business, records from prior transactions could provide a reliable indicator for future transactions. This information includes the historical IP address of the customer, billing address, place of predominant consumption, etc.
(3) Gift card point of sale – When a gift card is sold to a customer who is physically present at a retail establishment, it is likely that the customer will be local to the country in which the establishment is located.
(4) Country-locked gift cards – When gift cards are country-locked and can only be used in the country of issue (this restriction is stated clearly on the face of the card), the Member State in which the card is locked could be indicative of where the customer belongs in much the same way that a café or hotel that sells wi-fi access in a public area is treated as being the place of that customer.
(5) Documentation of third-party payment service providers – In many countries, payment service providers verify at least part of the billing address of a payment method before approving a transaction. Usually this information is not shared with the payment service provider’s customer (i.e., sellers of electronic services) for data protection and security reasons. However, when the payment service provider shares the information with the supplier of the service acquired, that information could be used as ‘commercially relevant information’.
(6) Customer self-certification – When the subscriber provides confirmation (e.g.within the online ordering process) regarding his country, his bank details (especially information where a bank account is) and credit card information, this could be taken to be ‘commercially relevant information’.
Interesting here are:
#1 which means the use of a payment method like iDEAL for Dutch people is in and of itself a valid item of evidence.
#2 which means repeat past access and purchases from a consistent IP address counts as a separate and second item of evidence next to the IP address of the current transaction.
#5 which means additional information not related to bank details that Valve may receive back from a payment provider - such as even part of (!!) a registered billing address - counts as an item of evidence next to bank details.
And finally, the big one - #6, which counts any active statement on the customer's part regarding his country; bank details or credit card information. I.e. Selecting your preferred store region; your preferred download region; etc. is an item of evidence as well.
Count all of these and there is absolutely no need for Valve to ever ask for a billing address.