Google Play Games Faces EU Scrutiny Over Aggressive Data Collection Expansion

Google's gaming division hits regulatory radar with bold new data harvesting strategy.

EU regulators sharpen knives as tech giant pushes privacy boundaries.

Brussels prepares intervention while Google plays for keeps in user data gold rush.

Another day, another tech giant treating personal data like monopoly money—Wall Street would be proud.

What data will Google collect?

The update allows Google to gather data from users’ gaming activity, including information about the games installed on a device, how often they are played, and the length of each session. Visibility settings will be left on default unless users decide to change them.

Certain games will see additional data shared by participating developers, such as achievement progress, leaderboard rankings, and saved in-game events. 

“Participating developers may receive and/or collect information about your profile, activity within their specific game, and purchases made in their game,” the tech giants said.

Users with an existing Play Games profile have a one-time option to import their previously accrued gaming activity stored in their Google Account. If accepted, this information will be added into the new profile in terms of gaming statistics.

Google reiterated that players can choose to make their profile public or private, delete their account entirely, or adjust visibility settings at any time.

GDPR in question: Is data sharing consent overrated? 

For the search engine powering company to push the update, it must have considered the European Union’s General Data Protection Regulation (GDPR). However, most people WOULD not be happy sharing their gaming data with a business with a base of almost 90% of internet users, including institutions.

Privacy concerns about how gaming companies handle player information are beyond what Google has decided to do. On April 24, Austrian privacy group NOYB, a European Center for Digital Rights, filed a legal complaint against French gaming giant Ubisoft.

The case questioned data collection by Ubisoft’s games, specifically on Far Cry Primal, and the requirement for an online connection even in single-player modes. NOYB said a fan of the game reached out to Ubisoft requesting details of the information stored about their play activity.

According to NOYB, Ubisoft’s response showed session start and stop times, but revealed that the game connected to external servers 150 times in just 10 minutes. The organization described this as “secret data collection” and alleged it violates Europe’s strict GDPR rules.

GDPR law requires that companies only collect data when it is “necessary.” Any unnecessary collection is considered unlawful. NOYB argues that Ubisoft’s justification for online connections, verifying game ownership, could be handled by Steam, where the user originally purchased the title, rather than requiring an additional Ubisoft account login.

Ubisoft is at risk of paying fines up to four percent of its global turnover, which could total €92 million ($101 million) based on last year’s revenues of €2.3 billion.

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.