(02-12-2020, 07:18 PM)Mephistoles Wrote: Discovery is not GDPR compliant and never will be. Anybody spouting it becoming GDPR compliant was talking the proverbial bull and has no actual idea what they are/were talking about and did so safe in the knowledge that nobody else really does, either.
(02-04-2019, 12:50 AM)Xalrok Wrote: Because we are aware of historical concerns regarding the security of user data that have been recently brought up again, we have been working on a new and comprehensive Terms of Service agreement to bring Discovery into GDPR compliance, and further work is underway to upgrade our software to comply with this regulation.
(02-12-2020, 09:05 PM)Alley Wrote: I would highly recommend you read Article 2 of GDPR. It does not solely apply to legal entities. Discovery is not in any of the exclusion cases and certainly not 2.2c.
As far as I have been able to ascertain based on my own research into GDPR: Unless you are a legal person or entity selling goods and services to people in the EU ("engaged in economic activity"), and as long as you are only processing data that can be reasonably justified as required to run your service, then your website falls under the exemption granted by personal or household activity, and the data you are collecting is considered to be within your "legitimate interest".
If we made Discovery pay to play or if we started tracking information about you to sell to third parties, then we'd be liable.
I am curious as to why the statement Laz quoted about making Discovery GDPR compliant was made in the first place though. I wasn't even around then, so I don't know the story behind it.
Edit: Even in the case of pay to play, applying GDPR would be a stretch due to legitimate interests.
(02-12-2020, 09:05 PM)Alley Wrote: I would highly recommend you read Article 2 of GDPR. It does not solely apply to legal entities. Discovery is not in any of the exclusion cases and certainly not 2.2c.
As far as I have been able to ascertain based on my own research into GDPR: Unless you are a legal person or entity selling goods and services to people in the EU ("engaged in economic activity"), and as long as you are only processing data that can be reasonably justified as required to run your service, then your website falls under the exemption granted by personal or household activity, and the data you are collecting is considered to be within your "legitimate interest".
If we made Discovery pay to play or if we started tracking information about you to sell to third parties, then we'd be liable.
I am curious as to why the statement Laz quoted about making Discovery GDPR compliant was made in the first place though. I wasn't even around then, so I don't know the story behind it.
Edit: Even in the case of pay to play, applying GDPR would be a stretch due to legitimate interests.
To begin with, I'd like to point out this thread was never about arguing on the semantics of GDPR. That's something major companies themselves still have not managed to settle on and is not really worth worrying about for an obscure gaming community.
One of the reasons the project was started was to provide more transparency to the users regarding the collection and use of their data (especially personally identifiable), which is plentiful on Discovery when you include the multiplayer server. It's a simple thing but immensely respectful toward the user. It's seemingly something the dev team equally understood and were willing to implement and that's what I'm asking about here.
Regardless of looking to be fully GDPR compliant (which is an unrealistic goal), there are core concepts in GDPR that are really not that hard to implement and require no particular skills aside from the ability to write sentences.