(no title)
kenbaylor | 8 years ago
How is the consumer (data subject) linked to the ID? aka how does a human prove ownership of the account (email address etc??) This is where your PD is.
The solution is pretty easy. You create a table where a user is mapped to an ID. Then you create the rest of the game just as normal, only using the ID.
You WILL need a privacy notice showing data subject rights and detailing what you are collecting and why, and other third parties that you share data with. Also how to contact you to enforce those rights. This should be on the website and wherever the game is (mobile app etc).
If there's a data request, you give them the mapping of their PD to your ID, and that's really it.
If they invoke their right to be forgotten, then you update that row of the table with something other than PD being mapped to the ID. Effectively, they are forgotten.
You can collect data once you tell them what data you are collecting and why, if you are relying on informed consent. They can either give it and play, or not give it and not play.
kruuuder|8 years ago
My question is if/how I can implement gaming analytics without requiring the user to opt-in (most wouldn't, but I need data to balance), and without providing implementation details on request.
If I ask Blizzard for all personal data, will they provide me all World of Warcraft event details related to my in-game character, nicely formatted in a JSON, so that it conforms to Art. 20 GDPR: "Right to data portability"? I don't think so. How will their solution look like?