Results 1 to 3 of 3
  1. #1
    Player Sirmarki's Avatar
    Join Date
    Dec 2013
    Posts
    1,572
    Character
    Sirmarki
    World
    Asura
    Main Class
    WHM Lv 99

    How long is character data stored for with data laws in Europe?

    Hi,

    I'm just wondering, as I can't find any information on the subject.

    How long is character information retained in the event of deactivation in the EU/EEA what with GDPR, these days?
    Or even if it falls under 'personal data'?
    (0)

  2. #2
    Player Alhanelem's Avatar
    Join Date
    Mar 2011
    Location
    Bastok
    Posts
    10,095
    Character
    Tahngarthor
    World
    Shiva
    Main Class
    SMN Lv 99
    Quote Originally Posted by Sirmarki View Post
    Hi,

    I'm just wondering, as I can't find any information on the subject.

    How long is character information retained in the event of deactivation in the EU/EEA what with GDPR, these days?
    Or even if it falls under 'personal data'?
    I don't think it does. the character data is owned by SE, you're simply given license by SE to make use of it. The character data itself also doesn't contain personally identifiable information, that is all in your playonline account data, w hich is technically seperate.

    Officially, character data is deleted after some period of inactivity, but in practice they don't actually do that anymore, to make it easier for players that quit to return. You also have the ability to delete that data, so none of this runs afoul of those EU privacy laws.
    (0)

  3. #3
    Player
    Join Date
    Apr 2019
    Posts
    19
    The GDPR applies, using its own words, to "natural persons", so it has no application to 'virtual characters' in a video game if there is no data that can identify a 'real' person.

    However, the GDPR does apply to your account data and in that respect there is no specified time period for its retention, rather the GDPR requires data to be deleted "after the purpose for which the data was collected is no longer valid", eg. when you cancel the account. Note that this aspect of the GDPR to my knowledge has yet been considered by legal cases so currently it's unclear how long after an account is cancelled the data would have to be deleted.

    You do have the right to demand its deletion and that must be done within a defined period (I don't recall that exact time in days off the top of my head) but if they refuse to do do SE would have to provide a justification to your country's regulator that is responsible for GDPR implementation .. example in the UK it would be the ICO .. who would decided if SE's case was valid or not.

    If the account is still active then SE would be perfectly justified it seems to me to claim they need the data to provide the service for which it was originally collected .. a basic concept of the GDPR is the purpose for which personal data was collected and retained .. however once you cancel your account that purpose will be deemed completed.

    Requirements such as tax laws, accounting standards, etc. will be taken into account to allow companies to retain data beyond the end of the service for which it was collected in order to such laws and regulations to be complied with, so immediate deletion is not likely going to happen for any data involved in the payment for a service or goods, eg. a video game subscription.

    Note: I am not a lawyer, however I was an acting Data Protection Officer in the terms of the GDPR for a UK company handling low-level personal data (names, addresses, dates of birth and little else, very similar to the data we supply to SE in our accounts) so had to read the GDPR and understand its concepts and requirements.
    (1)
    Last edited by Kerin; 12-14-2019 at 10:17 PM.