European law change effecting online games

I've heard of them, heck my country is part of five eyes. It doesn't make the countries subject to foreign laws though. Same as when the EU makes a manufacturing standard into law, the US has no obligation to oblige with the standards if they're selling from the US. The EU's legal authority doesn't extend beyond its borders, it's not the world's government. For some reason a lot of people from the EU are under the impression their laws are global. They're not

 

But it's really not wrong.

 

*sigh* If you want to sell in EU as US-company you have to understand and follow the EU-laws. Dataprotection has now a strong standing in EU from 25th may and therefore - if you want to sell wares here any longer - you follow the rules or get sued and banned from the european market. That easy.
It's not the place where you produce something which counts but where you try to sell it. And finally: online-sales are nevertheless sales and the point-of-sale (=customer) is the spot where laws like VAT, Dataprotection and customer-rights are applied.
*period*

 

An entity is allowed to collect your data if you have given consent to do so. They are obligated to delete your data if so requested unless there are reasons critical to business continuity or legal requirements for them to keep the data.
An example is that the company I work at collect amongst other things the IP address of kids using our services, because we are obligated to inform local authorities if any of these kids exhibit self destructive behaviour. Therefore we are legally obligated to keep that IP address and the users cannot ask of us that we don't.
They does not however mean that we can keep it indefinitely and we are required to document who has access to that particular data.
I think many of the things you mention (except actually you IP) is subject to the "business" paragraph. If however you ask for a deletion they might be required by US law to retain a portion of that data for a period of time to satisfy IRS audits and such.

As with all regulations, this is subject to precedence rulings and as none exist at this time - the exact impact of it remains undetermined.

I think it is important that this is not viewed as a US vs. EU thing. It's a step towards global privacy regulations, and US residents will benefit from this as well as most of the entities that fall under this regulation will most likely apply the same rights to all its users regardless of citizenship.

 

This is really not any different than companies outside U.S. dealing with U.S. kids online that are required to abide by the rules in COPPA.

 

2. Even though it’s driven out of Europe, the GDPR impacts the whole world.
If you live outside of Europe, you’re probably wondering what a European law has to do with you. Thanks to something called “territorial scope,” any organization that deals with data of EU residents must comply with the GDPR for those individuals, which impacts global organizations like Apple and Facebook. Even though they are not strictly required, some organizations are taking a principled (and perhaps easier) approach, providing the same set of controls and protections to non-EU residents.

 

For the same reason anyone selling virtual goods to EU people has to pay the VAT of the country the buyer resides within EU. Its the law... some people dont abide to that here... just dont get caught.

 

https://www.theverge.com/2018/5/25/17393766/facebook-google-gdpr-lawsuit-max-schrems-europe

 

The law states a company with no eu representation must appoint someone to represent them if they get charged. Know what happens if a company refuses to appoint someone? The EU fines them. Know what happens if they don't pay the fine? Literally nothing because the EU can't enforce anything outside the EU. Apple etc., are committing because they have corporate presence in Europe. If you have nothing in europe and don't plan to, you can safely ignore eu law.

 

Some people travel to Europe yknow... That's where we catch em

 

People aren't corporations, they can't touch them. The EU have even expressed doubt that they can even do anything with a nominated representative for a company if they did elect to send one when they have no presence in Europe because you can't delegate corporate liability that way.

 

Companies can ignore the laws of the EU, and they can also be blocked from communicating with the poplulation of the EU. Just because their businesses exist outside of EU zones doesn't mean they don't have to honor the laws of those countries. Yes, companies based outside of EU zones aren't legally required to comply with the new law, but there are actions the EU can take to stop allowing commerce/communications from said company to occur.

Tell that to Citizen's United.

 

https://www.pcgamer.com/mirage-arcane-warfare-is-being-removed-from-steam-due-to-gdpr-regulations/

 

It's not about data being resold.... it covers ANY data collected, even for internal use only. As I work for a company affected by this, I can tell you it is a serious p.i.t.a. It makes a lot of sense end-users, but not so much for companies. The fact of regional data storage, every application must allow data to be deleted, etc. Companies do not operate in different regions, etc can find themselves having to provide services etc they didn't have to before just to stay compliant... these compliances are not cheap.


So I see it like this... smaller companies will not be able to do business in the EU, because it won't be cost effective to operate. Which means lower competition, as only big business will be able to meet all the demands. Less choice for the end-user, costs for products will rise, because companies are going to have to push it over to the customers, and even after they have made that money back, the prices will stay high because... PROFIT.

Data regionalized storage will make it easier to target specific locations for hackers. Customers may force companies into areas where they don't want to business, so companies then pull out.

People who want to go off grid in EU will be able to do so easily... both good people and the not-so good people, aka terrorist.


It could go either way, but after going through GDPR training at my company I was definitely not seeing the good in all of it.

 

Https://www.engadget.com/amp/2018/05/26/how-gdpr-is-affecting-the-games-you-love/