Voyage Online Today: 1    Total Posts: 98671

Total:#3

Create Thread

[Discussion] "New" EU law; General Data Protection Regulation

[Copy link] 2/2051

#1
Posted on 2018-05-24 12:17:06 | Show thread starter's posts only

I want to ask the powers that be, how will the EU's new GDPR (General Data Protection Regulations) affect players of this game. As I have seen in the press that some big companies and games companies have started to prevent their European players from accessing their games because they don't know if the games company complies with the regulation. Some companies have closed altogether blaming lack of funds to implement the changes.

--------------------------
changed title a bit; "Regulation" was actually passed May 2016 it is being implemented May 25, 2018.
(There is a slight difference in the words... regulations are issued by government agencies.. laws are passed by "governmental process" written statutes then bills that become statutory law in the US.)  - Ele

Signature
They say that human experimentation is illegal....in your case it was not illegal enough
#2
Posted on 2018-05-24 12:22:06 | Show thread starter's posts only

2 option:

Option A: IGG dont care cause hey its igg :D

Option B: IGG does care and remove the whole crazy questions for apply to be VIP#

Signature
The New Forum is lets say "special"......
#3
Posted on 2018-05-24 12:26:42 | Show thread starter's posts only

You are asking a programmer (fok) about law?

I think the obvious answer is to wait till IGG lawyers look at it and then the board of directors will decide.

And if you think IGG will specifically answer you...
~shrug~

- Ele

**edit 1**
Thinking about this.. only the game servers are for sure in the USA.. and the only info transferred at log in, is the log on name and password.
It is the IGG servers in China and Singapore that handle the money and account info (we have to log into different web pages to buy IM or to create an account)... This may explain the character/ account creation problems last winter and maybe explain where Fok has been hiding since February.


So MAYBE something is already in place?  who knows if it is actually working for us... but probably does for the mobile games people.

1) Also a question is who will be enforcing this regulation?  The countries themselves?? The companies themselves?
**EDIT 3**

DPA (Data Protection Authority) - is who companies contact with in 72 hours of a breach and even if no breach, they must let the Authority know if data they process is high risk of a breach. The Authority issues all the warnings, reprimands, temporary bans, and fines. (each EU state will have one - but not sure which one will take non EU notifications)

EDPA (European Data Protection Board) - will help ensure that the data protection law is applied consistently across the EU and work to ensure effective cooperation amongst DPAs. The Board will not only issue guidelines on the interpretation of core concepts of the GDPR but also be called to rule by binding decisions on disputes regarding cross-border processing, ensuring therefore a uniform application of EU rules to avoid the same case potentially being dealt with differently across various jurisdictions.

DG JUST - (Directorate-General for Justice and Consumers) - for the consumer;
Phone number; +32 2 299 11 11 (Commission switchboard)
Postal address;
Directorate-General for Justice and Consumers
European Commission
1049 Bruxelles/Brussel
Belgium

2)  How much of a problem must occur before action (fines?) can be taken?
I would assume who ever becomes the regulating agency and ends up policing this, they will only go after big data breaches.  If one person can't get their data records - would anybody even try to pursue that?

**Edit 3**
I can only find suggested fines/ set limits.
It looks like everything will be decided on and tweaked as time progresses and as the cases increase.
(no surprise basing the guidelines to be on what will be "previous cases".)

There is a maximum fine for companies: up to 20 million euros ($23,425,380 USD )****, or in the case of a company, up to 4% of their total global turnover in the previous fiscal year.
**** note that is TURNOVER Not Profit.. so that is the amount of $ earned for items sold in the year.

But if you look at guidelines already in place:
  "It should be noticed that breaches of the Regulation, which by their nature might fall into the
   category of “up to 10 million Euros ($11,712,690 USD) or up to 2% of total annual worldwide
   turnover” as set out in article 83 (4), might end up qualifying for a higher tier (Euro 20 million)
   category in certain circumstances. This would be likely to be the case where such breaches
   have previously been addressed in an order from the supervisory authority, an order8 which
   the controller or processor failed to comply with9 (article 83 (6)). The provisions of the
   national law may in practice have an impact on this assessment10."

Sooooo ...looks like MOST first time offenses will have the "up to 10 million Euros($11,712,690 USD) or up to 2% of total annual worldwide turnover" cap.

3) Enforcing this regulation will cost a lot of money... where will the money come from?
unknown

Here in the states companies seem to only act retroactively - look at the home depot data breach... nothing done for MONTHS after it happened and even then all we got was a notice.  My local credit union was the one who acted intelligently and with in a year or so had given everyone new debit cards - (Who doesn't shop at home depot at least 1x a year? in my area anyway.).. Though I believe i had to ask my regular credit card banks for new cards.

So, I have a feeling it will be wait and see...

****EDIT 2****

Web pages, forums and game were down again today for a few minutes....
this also happened last week ...

I'm guessing they are still implementing the programming changes ... even now at "zero hour".

- Ele

BTW if you live in the US or Canada or anywhere but the EU... the right to claim/edit your data does not apply to you... and as far as i have read into it... legally they do not have to notify anyone but EU customers of the any breaches that may happen... so hopefully someone would post it here for all to see - RIGHT?

----------------------------------------------------------
----------------------------------------------------------

Great site where I found all this info and links to info plus there's a whole lot more:
General Data Protection Regulation GDPR (by intersoft consulting); https://gdpr-info.eu/

----------------------------------------------------------
---------------------------------------------------------
Privacy advocates have already prepared lawsuits against Facebook, Whatsapp, Instagram, and Google, alleging they are breaking the new rules. (From CNN)

----------------------------------------------------------
-----------------------------------------------------------
What are my rights?
If you're an individual residing in the EU, GDPR guarantees you the right:

  • To access data concerning yourself
  • To erasure — or to be forgotten
  • To be informed how your personal data is used
  • To rectification of inaccurate personal data
  • To restrict processing of personal data
  • To data portability — or to obtain and reuse personal data across services
  • To object to processing of personal data
  • To not be subject to an automated decision, including profiling

Do I have to do anything?
For the most part, the answer is no. However, some entities may seek further permission to continue processing your data and ask for your approval.
Was my data protected beforehand?
In short, yes but not to the extent that GDPR guarantees. GDPR replaces the EU Data Protection Directive, which went into effect in 1995. As such, GDPR provides a much-needed update to deal with the challenges of today.
What about data breaches?
A "data controller" — companies, organizations and any other entity involved in the digital economy and processing data of EU individuals or within the bloc — must legally inform authorities within 72 hours of a data breach.
They are also responsible for informing you if your private data was compromised. However, if doesn't have to if there were measures to obfuscate the data, such as encryption.
Are there areas where my data is not covered by GDPR?
Yes. Your data is not covered when it is used for purposes that include national security, statistical analysis and the employment relationship (due to a law already governing such relations), among others.
Who has to comply?
  • Entities located in the EU.
  • Entities providing goods or services to EU residents.
  • Entities monitoring the behavior of EU residents.
  • Who ensures compliance?
  • Data Protection Authorities, which are independent public authorities, tasked with overseeing and investigation the application of data protection laws in the EU. Each EU member state will have one.


http://www.dw.com/en/what-is-gdpr-the-eus-data-protection-law/a-43901782
-------------------------------------------------------------------------------
------------------------------------------------------------------------------

.
.

Signature