Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
That's fair. My workplace is also affected by these changes so there was a bit of discussion about it and the main consensus really was "ask 5 different experts and you'll get 5 different responses". In the broadest sense of explanation your game library and time played would fall under personal data because it is data about you, in that you bought it and played it. Narrow it a bit more, and you could get to information directly created by you in the sense of social media posts, and information like time played could end up falling outside of that.
Is it something anyone would want to find out after enforcement has gone into effect and you end up being thoroughly investigated? Considering the fines I think most would respond with a 'hell no'. Better safe then sorry is a very understandable stance to take when there is no precedent at all yet.
As for the arguments....I mean, it's the internet. People will argue about anything and everything given half an excuse!
Have done some work with GDPR and the EU Commission has so far said that "Personal Data" in terms of GDPR is defined as any data that, with the help of all other available data (ALL), can be used to determine who an individual is or anything about them/their activity.
This means that e.g. Steam Library, Achievements, etc, fall squarely under "personal data".
That the definition of personal data is incredibly broad is one of the main talking points when it comes to GDPR.
Here's the official definition:
'Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Source: https://gdpr-info.eu/art-4-gdpr/
My understanding is that the law is quite clear when it comes to data like achievements, gameplay hours, etc - these are references to an individual's identity (e.g. cultural/social).
However there's alot of things to keep in mind with GPDR; some laws (local or otherwise) override it, there's an aspect to "reasonable" handling of personal data, and there won't be any really hard lines in the sand until one (or more) case(s) go to court - and receive judgement.
There may well be precedents set, or amendments made to the law, that have a huge effect on practical application.
One way or another, things can potentially get very interesting for many of companies & services - and those who use them. For better or worse :)
That definition is indeed very broad! I admit to not having looked in depth at the info yet (sue me, I'm at work) so thanks for putting that up here! I'll have to look over the GDPR in more detail later today, because it is rather interesting to finally see the government play catch-up with the internet. I imagine some scandals / lawsuits will pop up in the coming year from companies that played a little less safe than they should've. Facebook will probably stay clear of that, having been caught before the law was enforced. Many preying eyes will be upon them for the foreseeable future though! In that sense the FB privacy scandal reached the light at just the right time. Privacy awareness for all, but no backlash in fines for them.
Maybe just a little to perfect a time? Hmmmm *tinfoil hat intensified*
I however think all users should be informed that their privacy settings have been changed. There aren't alot of people reading the blog posts, these discussion boards or the update notes.
Makeing a descission about the privacy settings on their behalf, without notifying them (no matter the direction of change) isn't good in my opinion.
Besides this, haven't personally seen any other unintentional behaviours.
This is a good point and I agree. A site-wide inbox message or pop-up notification that informs the user would be appropriate. I myself rarely read the blog posts and just kinda stumbled upon this one by chance....and then rolled my eyes so hard at the 'user feedback' part that they're still spinning in their sockets.
Seeing as you work in IT it should be easy to test.
Should it be cleaned up? Possibly. If it's indeed unused, the code is just clutter. However, not so much a privacy issue unless your computer is already compromised.