| ▲ | pdpi 3 hours ago |
| The GDPR is almost trivial to comply with if you’re not harvesting data willy-nilly. Likewise, the legal risk for small indie games here rounds to zero. Most such games will, at worst, lose access to online leaderboards if their developers shut them down. |
|
| ▲ | drorco 3 hours ago | parent | next [-] |
| I'm a developer of a mobile indie game and it's not true. Just to get started you need to implement tons of third part SDKs like Meta Ads, AdMob, Google Analytics, etc. These require actual handling of player choices, data sanitation etc. disregarding the loss of revenue with not being able to serve personalized ads, or even ads at all to large segments of players. And I'm talking about strictly optional rewarded ads. These already harmed a lot of small mobile game companies, while the bigger mobile companies had much better means to deal with these. I personally paid over $10K for different services just to comply, disregarding the loss of revenue over this compliance. |
| |
| ▲ | acron0 3 hours ago | parent | next [-] | | Maybe don't fill your games with ads and release them on restrictive, exploitative platforms? | | |
| ▲ | drorco 2 hours ago | parent | next [-] | | Did you ever build a commercial project or any business yourself? The nature of your comment implies to me you haven't. I highly recommend you give it a try, it might actually change your mind! | | |
| ▲ | Orygin 2 hours ago | parent [-] | | I didn't know it was impossible to build businesses without inserting to Meta/Google/others ad SDK to spy on all my users. Maybe we should stop normalizing these behavior. | | |
| ▲ | drorco 8 minutes ago | parent [-] | | Yea good luck getting any reasonable visibility on App Store or Google Play without paying good amount of $$$ to meta, Google etc. Trust me I would have loved to throwaway this dependency on these platforms, I don't enjoy paying for ads. The market is not pretty, but there's a reason for why it's the way it is. For some reasons, players prefer downloading games for free and then paying potentially hundreds to thousands of dollars on IAPs, rather than everyone paying $5 for a game. I would have preferred it to be the latter personally, but the market doesn't seem to want to act this way. |
|
| |
| ▲ | hobofan 2 hours ago | parent | prev [-] | | aka "don't make games that anyone has the chance of playing" | | |
| ▲ | krige 2 hours ago | parent [-] | | That's an boggling misrepresentation of the market. | | |
| ▲ | hobofan 2 hours ago | parent [-] | | The "release them on restrictive, exploitative platforms" part of the comment excludes (depending on interpretation): any mobile platform + Steam So that excludes ~95% of addressable playerbase. |
|
|
| |
| ▲ | archievillain 44 minutes ago | parent | prev [-] | | Your videogame is a data-harvester for the purpose of ad-serving, why on Earth would GDPR compliance be easy for you? It sucks that the mobile market is essentially just a glittery front over privacy invasion vectors, but just because it's normalized it doesn't mean it's right. "Serving third party ads" is exactly the kind of thing the GDPR exists to regulate harshly. |
|
|
| ▲ | adrian17 2 hours ago | parent | prev [-] |
| > The GDPR is almost trivial to comply with if you’re not harvesting data willy-nilly. I buy a VPS. I apt install nginx. Is it okay that by default, opening http://IP/index.html logs the IP address to /etc/log/nginx/access.log? Maybe yes, maybe no, maybe yes but I need a privacy policy (for an empty index.html). Maybe I need to ask a lawyer (who usually errs on side of caution) because people have been arguing about it for 10 years (and please don't answer here). And in the end, even if I didn't need to do anything, it sure is _some_ nonzero drain of my resources to have think about it at all (completely ignoring whether it's justified or not). |
| |
| ▲ | esterna 24 minutes ago | parent | next [-] | | This hinges on two misunderstandings: - That data processing always requires consent. There are exactly six reasons for storing or processing data: consent, contract fulfillment, legal compliance, vital interests of a natural person, public interest/official authority, or legitimate interest. Collecting IP addresses can be a legitimate interest, but: - The real interesting question is what you do with the IP addresses after they're stored in a file. Securing your server is a legitimate interest. Tracking your users is generally not. Having lawfully collected data is not a carte blanche to do anything you choose with it. | |
| ▲ | za_creature an hour ago | parent | prev [-] | | > Is it okay that by default [...] ? Yes. IP addresses by themselves are not PII and may be logged indefinitely. It's only after you start correlating them with other shit that you're collecting that they become subject to GDPR. Same for cookies really. If you *only* operate a shopping cart, you don't have to display a cookie notice for "only technically required cookies". The point of the cookie notice is to dark pattern users into granting more access or just to annoy them enough that they continue not caring about privacy. |
|
