The European Union’s General Data Protection Regulation has been in effect since May of 2018. However, not every company, business, data firm, advertising agency, or video game publisher has complied with the regulations. One fine example of this is Bethesda, who was flagged by gamers for violating GDPR Article 7 sub-section 3, regarding consent and opting out of contracts.
In this particular case, Game Watcher is reporting that users on Reddit discovered that after registering on Bethesda.net to use the Bethesda Launcher, they found that they were automatically opted in to receive ZeniMax ads on other sites.
In the Reddit thread there’s a link to an image showing that in the user settings, there’s an automatic opt-in to receive ads from Bethesda’s parent company, ZeniMax once you register for a free account. During the registration process there is no option to opt-out of receiving ads. You can only change this option AFTER you finish the registration and after you go into the account management section where you can then choose to opt-out of receiving the ads.
It’s true. I tested this for myself by creating a new account and the check box is already marked to opt users into receiving Zenimax ads once a new account is created. You can only opt out after you finish registering an account. They also don’t notify you about the opt-in, you have to manually check by going to the account management screen.
As pointed out in the Reddit thread, this is in violation of GDPR Article 7 sub-section 3, which states…
“ The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.”
The highlighted bold parts comes from the actual article. This also accentuates the fact that users have to be informed before being opted into any sort of data-related contract with a controller, or otherwise a company. In this case, consenting to provide your e-mail address in order to receive ads related to ZeniMax products and advertisements would be the contract, and the controller would be Bethesda.
So how much trouble is Bethesda in? Well, according to the GDPR EU fines and penalty page, it states…
“Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:
”The basic principles for processing, including conditions for consent, under Articles 5, 6, 7, and 9 […]”
Given that this is a clear violation of Article 7, regarding consent, Bethesda would have to pay 4% of its worldwide annual revenue of the prior financial year or up to €20 million.
However, the real story here isn’t just that Bethesda violated GDPR Article 7, it’s that the moderators of Reddit’s /r/Games/ removed the thread in an attempt to hide the fact that Bethesda violated the law. The reasoning for the removal? They claimed it violated rule #3 and that it was “off-topic” in relation to video games. This is despite the fact that the Bethesda Launcher is used to launch Bethesda’s video games, and said launcher requires signing up through a process that clearly violates EU regulation.
If you attempt to check the thread on /r/Games/ you’ll note that it’s removed.
The proper thing for them to have done in that situation is forward the information to the appropriate authorities, since this act from Bethesda is in clear violation of the law. Instead, Reddit’s moderators attempted to hide the news.
This, however, is not new for Reddit’s /r/Games/ moderators. Back during #GamerGate, they colluded with their friends from the secret journalist group known as the GameJournoPros to censor and delete any posts that were related to corruption happening within the video game industry. They created automod filters so that topics containing terms like “corruption”, “corrupt”, “IGF”, “fish”, and “independent games festival” were automatically removed from the sub-reddit.
So any company, studio, developer, or game involved with actual corruption couldn’t have a thread made discussing that topic on /r/Games/. This was revealed after a former moderator leaked the moderator chat logs back in March of 2015, so that people could see how the moderators were burying industry corruption when people attempted to discuss it or expose it via /r/Games/ on Reddit.
You can read the entire chat logs through an archive.
As for Bethesda, if you feel as if what they’re doing needs to be addressed by the authorities, you can contact the Data Protection Authority committee using the European Data Protection Board contact directory.
(Thanks for the news tip Ryan)