In a response to a post from the AntiDRM Twitter account, Ubisoft Support has clarified that users who don’t sign in to their account can potentially lose access to Ubisoft games they’ve purchased. The initial post from AntiDRM featured a snippet of an e-mail sent to a user from Ubisoft notifying them that their account had been temporarily suspended due to inactivity and warning that it would be closed permanently in 30 days. Responding to the ominous e-mail, the Ubisoft Support Twitter account stated “We certainly do not want you to lose access to your games or account” and noted that account closure could be avoided by signing in to the account again.
Oooh, I would really like to see that challanged in front of a German court after such a deletion happened. There are so many different legal facettes here.
Damn I really hope they do this to the wrong person and rub them the wrong way so they get dragged to court for this.
Data Protection shouldn’t be a relevant issue - at least not in the sense that it forcss them to delete accounts. When you process data under the GDPR, you have to identify a lawful basis.
I assume that transactions through the eStore would be handled under the contract basis, with the hosting of the game in the library forming part of the contractual relationship. That would enable them to maintain an account for as long as the contractual relationship persisted.
That basically means GDPR doesn’t force them to close an account, they close an account based on their policies because they choose to. That’ll be based on their T&Cs, so things will fundamentally circle back to whether their T&Cs are legitimate and lawful.
It is possible that a data subject could potentially raise a claim for damages under the GDPR, on the grounds that the deletion of their account is a breach of contract that amounts to an availability data breach.
GDPR clearly says, if there is a valid reason for storing your data, they can store it (no timelimit). Like you can store data for invoices etc for 10 years too even when you ask them for deleting your data.
Iguesseverybody also agreed to it when you registered.
I do not see any valid reason why they would delete acvounts, like saving 1 line in a database?
Some companies decide to delete user content not because it’s necessary for GDPR, but because it’s the simplest way for them to deal with GDPR.
Valve has a TOS that lets them do the exact same thing. So it’d be interesting indeed.