Hi,
I'm just wondering, as I can't find any information on the subject.
How long is character information retained in the event of deactivation in the EU/EEA what with GDPR, these days?
Or even if it falls under 'personal data'?
Hi,
I'm just wondering, as I can't find any information on the subject.
How long is character information retained in the event of deactivation in the EU/EEA what with GDPR, these days?
Or even if it falls under 'personal data'?
I don't think it does. the character data is owned by SE, you're simply given license by SE to make use of it. The character data itself also doesn't contain personally identifiable information, that is all in your playonline account data, w hich is technically seperate.
Officially, character data is deleted after some period of inactivity, but in practice they don't actually do that anymore, to make it easier for players that quit to return. You also have the ability to delete that data, so none of this runs afoul of those EU privacy laws.
The GDPR applies, using its own words, to "natural persons", so it has no application to 'virtual characters' in a video game if there is no data that can identify a 'real' person.
However, the GDPR does apply to your account data and in that respect there is no specified time period for its retention, rather the GDPR requires data to be deleted "after the purpose for which the data was collected is no longer valid", eg. when you cancel the account. Note that this aspect of the GDPR to my knowledge has yet been considered by legal cases so currently it's unclear how long after an account is cancelled the data would have to be deleted.
You do have the right to demand its deletion and that must be done within a defined period (I don't recall that exact time in days off the top of my head) but if they refuse to do do SE would have to provide a justification to your country's regulator that is responsible for GDPR implementation .. example in the UK it would be the ICO .. who would decided if SE's case was valid or not.
If the account is still active then SE would be perfectly justified it seems to me to claim they need the data to provide the service for which it was originally collected .. a basic concept of the GDPR is the purpose for which personal data was collected and retained .. however once you cancel your account that purpose will be deemed completed.
Requirements such as tax laws, accounting standards, etc. will be taken into account to allow companies to retain data beyond the end of the service for which it was collected in order to such laws and regulations to be complied with, so immediate deletion is not likely going to happen for any data involved in the payment for a service or goods, eg. a video game subscription.
Note: I am not a lawyer, however I was an acting Data Protection Officer in the terms of the GDPR for a UK company handling low-level personal data (names, addresses, dates of birth and little else, very similar to the data we supply to SE in our accounts) so had to read the GDPR and understand its concepts and requirements.
Last edited by Kerin; 12-14-2019 at 10:17 PM.
© SQUARE ENIX FINAL FANTASY, SQUARE ENIX, and the SQUARE ENIX logo are registered trademarks of Square Enix Holdings Co., Ltd. Vana'diel , Tetra Master, PLAYONLINE, the PLAYONLINE logo, Rise of the Zilart, Chains of Promathia, Treasures of Aht Urhgan, and Wings of the Goddess are registered trademarks of Square Enix Co., Ltd. The rating icon is a registered trademark of the Entertainment Software Association. All other trademarks are the property of their respective owners. Online play requires internet connection. |