Urgent feedback about privacy options missing in EU

Moontear-ravencrest · March 22, 2025, 5:43pm

Under the General Data Protection Regulation (GDPR), which governs data protection and privacy in the EU, gaming companies are required to respect users privacy rights. This includes providing options to control how personal data is shared or displayed.

Specifically:
Right to Privacy: Users have the right to control their personal data, including profile visibility in forums or other public spaces. Also in-game data from public profiles.

With the latest patch, the options to hide account achievements in-game and make forum profiles private have been removed.

Also, I just found out that under the account management page, in the “Game Data and Profile Privacy” section, an option to share my data was enabled by default, as though I had agreed to sell my data. I never enabled this option or consented to sell my data to external companies or share my game data. Enabling such settings by default, without my explicit consent is illegal under GDPR.

Now the forums are also missing options to hide profiles and make them private.

It seems that my profile is still hidden because I had previously selected the option to make it private. However, the option to make it hidden is now missing or has been removed.

What is happening here, and why are such actions being taken in Europe? It is against EU law to not provide users with privacy options.

All these changes were implemented without any public notice or announcement, leaving us uninformed about significant modifications that affect our privacy. WHY?

This situation contradicts EU laws that guarantee privacy rights to users. I strongly urge you to restore these privacy options immediately and ensure compliance with GDPR.

Please reinstate the option to hide my game profile and achievements, as well as the option to make players forum profiles private.

I am going to report this to EU GDPR authorities if no actions will be taken. I do not agree to share my profile with anyone, and I want the privacy guaranteed to me under the EU law.

It is outrageous that a company would treat its customers in this way.

source: [Patch 11.1.0 (undocumented changes) https://warcraft.wiki.gg/wiki/Patch_11.1.0_(undocumented_changes)#User_interface

Characters can no longer be hidden from the external Blizzard API, such as Raider.io or DataForAzeroth scans.

This was an option in the Social settings called “Display Only Character Achievements to Others”.

Upon logging into any character that was “hidden”, this status will be cleared and external sites will see them.

Relevant functions:
[ShowAccountAchievements] API_ShowAccountAchievements)
[AreAccountAchievementsHidden] API_AreAccountAchievementsHidden)

Dejarous-draenor · March 22, 2025, 5:50pm

Most of the things you mentioned are not personal data.

Under GDPR, "personal data" is defined as any information relating to an identified or identifiable natural person, meaning information that can directly or indirectly identify an individual

Forum profiles / achievements etc relate to ingame characters and have nothing to do with stuff that can identify RL you which is what GDPR is about.

So stop the pseudo lawyer / threats schtick. It’s laughable.

Moontear-ravencrest · March 22, 2025, 5:51pm

Blocked. No interest in responding to a forum troll.

Saani-argent-dawn · March 22, 2025, 5:53pm

What personal data is being shared?

Dejarous-draenor · March 22, 2025, 5:53pm

You treat ignorance as a virtue.

Keento-argent-dawn · March 22, 2025, 5:54pm

Forum profiles, nicknames and characters do fall under personal data according to GDPR:

[…] an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Punyelf-draenor · March 22, 2025, 5:55pm

Your pixel data is not your personal data and they aren’t breaking any rules this way.

Personal data that has to be protected by law are things like your real name, address, phone number etc.

Furio-aegwynn · March 22, 2025, 6:03pm

Ye, its not defined as personal.

Dejarous-draenor · March 22, 2025, 6:03pm

No, please stahp.

How can anybody identify who keento is irl from your ingame name or achievement points or damage logs etc?

They cannot. This information is not personal information. Such information is your name, your address, social security (or equivalent) number, tax number etc etc.

Keento-argent-dawn · March 22, 2025, 6:09pm

Did you even read the quoted content?
It applies to your social identity of a natural person as well.
I know you like to discuss a lot, but if you’ve actually worked with GDPR regulation and data-protection, you’d know how finicky these rules are and how borderline insane they re sometime are about whether something is considered “personal information” or not.

Don’t care whether you believe this or not, I’ve done enough work and coding systems that had to support GDPR complience in gaming and it’s far more complicated than just “ip and email”. And that’s not even keeping localized rules in place as the EU GDPR itself is just a framework, where each member state can implement its own ruling on top of this.

Germany’s “Datenshutzgezetz” for example goes even beyond what GDPR prescribes and forces companies to keep personal information about German users hosted in Germany under certain conditions.
While the idea of GDPR is sound, it’s honestly the wild west in a lot of cases, and sometimes things don’t even make sense.

Keento-argent-dawn · March 22, 2025, 6:15pm

Also checked account settings:

[Album] imgur.com

You can still tell Blizzard not to share your game data, unless I misunderstood the hinted option from the account?

Uda-uldum · March 22, 2025, 6:43pm

What context?

If you read the whole defenition (which is surprisingly long) of what “Personal Data” is according to EU GDPR and its Jurisprudence, it is very clear that it is information of any kind that can identify you as an IR person.

And it dosent say that the social identity (such as a forum profile, or wow toon) is “personal information”. What it sais is that IF a “social identity” can be used to identify you as an individual, then yes it is considered “personal information”.

And a blizzard toon, or its forum avatar cannot be used to identify you as IR person. Whatever the context.

That is because in order to create a toon, you need to give Blizzard your information. You need to pay with money somehow !

So from the “back end” of the discussion, Personal Information is messy and interlinked. And it’s probably where you have worked in.

But from the “front end” (what WE, the players see) it is not messy. It is as clear as day. If I, Uda, cannot identify you, Keento with what is publicly available, then its not Personal Information.

And the information (API) Blizzard gives to Raider IO is just the “front end” of the data. Uda moved to the left. Uda cleared XYZ dungeons this week. Uda casted spell Y and wore Item Z. That is something that you, Kento could see if you wanted to. By inspecting me in Donorgal.

Moontear-ravencrest · March 22, 2025, 6:49pm

I had this option disabled, but noticed today that it was enabled again by default after patch i guess?

Saani-argent-dawn · March 22, 2025, 6:53pm

Hiding your forum profile isnt really much use anyways. Your posts can still be found via the search function. It just makes it a bit harder for the forum detectives.

Gráinne-earthen-ring · March 22, 2025, 6:54pm

I have too, though not specifically in gaming, and I agree with you on that. It can be really annoying. TBF, the problem is not usually in the rules themselves, but in some bureaucrats’ interpretation of how the rules might apply in certain situations, notably where what would normally not be PII can be connected, albeit indirectly, to PII.

But I suspect that Blizzard have consulted enough lawyers and accountants and Compliance Managers and general bureaucrat-wranglers that they know more about this than you and I combined. Or do you disagree?

So legal ranting is nonsense. If you think you have a legal case, feel free to consult a specialist lawyer and build it. Don’t bring it to a public forum. If you don’t have or want to spend the money, your national government will have an office to which you can address GDPR complaints. They’ll tell you you’re wrong for free.

Tah-earthen-ring · March 22, 2025, 6:56pm

So if I’m called Chris McStabby in real life and I call my character Chrismcstabby, then it would be illegal for Blizzard to share my character’s name through their API?

Dejarous-draenor · March 22, 2025, 6:57pm

No, only if its called ChrisMcStabbyIrl ingame.

Uda-uldum · March 22, 2025, 6:59pm

(A) Have you tried to make a toon with your RL name (at-least the name you put in your BNet account)? Try. See what happens…

But lets break that down:

Would it be Illegal for Blizzard?

For something to be illegal you need to be responsible for it.

Blizzard is in no way responsible for Chris McStabby being an idiot, and doing things against Blizzards recommendations.

Its what Jurisprudence sais.

Saani-argent-dawn · March 22, 2025, 7:00pm

Dont think GDPR can protect against stupidity if i decide to share my real name, adress, phone number and bank card on here, its not blizzards fault for giving out my information

Tah-earthen-ring · March 22, 2025, 7:02pm

I find the subject very interesting.
From a personal viewpoint I don’t want them sharing my data. Not because I’m scared of ‘being found irl’ or something like that, but because I don’t want to contribute to toxic, damaging ‘services’ such as raider.io.

I believe that such a decision should be possible.

Oh no, of course I haven’t.