I created a support case on May 25th where I requested one and only received one response four days later where they said they would answer "within the allowed time frame". Well, a few reminders later still nothing.
According to law they have to respond within one month, but now it's been five months already...
Sub-questions:
- What's included in that report in case you have received such a report?
- Does anyone of you have experience with GDPR with any company worldwide and/or has filed a complaint?
- What's to expect from MindArk?
LOL Ok so let me get this straight...
The minute the new GDPR law comes into effect you file a support ticket demanding a GDPR report because
(my guess) you were assuming that they were going to send you a detailed report showing all sorts of data like your returns, log in times, activity log, internal notes on your account and all sorts of other black box data associated with the inner workings of Entropia related to your account?
And now that they haven't delivered this report (that you're not even sure what it should include) people are already chomping at the bit to try to sue them / get them fined over it? lol
Well, I think you're going to be sorely disappointed by the outcome here. There seems to be a lot of misunderstanding surrounding GDPR - as far as my understanding of GDPR goes from what I have read these are the key points worth noting:
1. The data that is covered is:
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
All of the relevant data that falls into these categories are available when you log in to your account on the Entropia Universe website which you have full control over. Other data regarding your avatars performance and such would not be included in this.
2. One of the biggest parts of the new GDPR are rules pertaining to protecting kids data which is now defined as being under 16 (instead of the previous age of 13)
3. Another big part is the requirement to be transparent of how companies protect peoples data and report data breeches within 72 hours when feasible. Most of these details are outlined in the ToS and privacy policy that you accept every time you log into EU. Though yes, they could arguably be more detailed about their on-site security like guards, cameras...etc that helps keep your data safe.
4. Individuals have a few rights that come along with the new GDPR:
- They have a right to get access to a copy of their private data maintained by a company. But again this is only the data as defined in #1 and most is already accessible when you log in.
- They have a right to demand all their personal data is deleted from a companies possession.
- They have a right to be notified of and grant or deny permission to process/transfer their data. Though there are exceptions where it can be bypassed if there is a “lawful basis” for the processing activity (IE law enforcement, banks sharing data (withdrawals), insurance companies, tax processing..etc).
5. Finally perhaps the BIGGEST thing to note here from what I have read in regards to Article 30 exemptions:
The obligations referred to in paragraphs 1 and 2 shall not apply to (a company) employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10.
In other words:
Smaller firms – those defined as having 250 employees or less – do not have to comply with all GDPR rules as standard. If your organisation falls into this band, there’s no need to have documentation of why personal data is being collected and processed, the information you’re storing or how long for. Smaller firms are not required to maintain a record of processing activities unless this carries a risk to the rights and freedoms of data subjects, it is a regular occurrence, or it relates to certain data like criminal convictions and offences.
Not sure how many employees Mindark has but I think it's under 250. I think they have like 15 people and 4 chimps working for them lol
Anyways.... before we fly off the handle trying to get a huge fine levied on Mindark over this crap maybe forcing them to shut the game down forever without notice - pissing thousands of people off and royaling fucking many out of ungodly sums of money they have put in over the years.
Maybe we should first consider what it is you're even asking them for when you ask for a GDPR report and if they are actually required to give you the specific information you THINK you're going to get and/or if the information they are obligated to give you is even worth the hassle.