Rejected by Developer Account Deletion System

[Asseb]

Since the Account Deletion System is being implemented to deal with GDPR and data abuse I would like to suggest to you and ask you if it would be possible to add an option where you can agree for Innogames to store your data for an indefinite period of time so that our accounts never get deleted(with our consent ) even after 1 year of inactivity.

Best Regards

 

[JawJaw]

Hi!

Thanks, this has been approved for voting. I do not know if this would be legally allowed to do for us, but if it makes the voting that is something our legal dep could take a look at

Good luck!

 

[ALessonInPointWhoring]

It's definitely legally allowed. Literally 0 other sites I am registered to have sent emails about the potential deletion of accounts. Sites changed their privacy policies, but nowhere but here that I have seen has that entailed account deletions.

 

[JawJaw]

It's definitely legally allowed. Literally 0 other sites I am registered to have sent emails about the potential deletion of accounts. Sites changed their privacy policies, but nowhere but here that I have seen has that entailed account deletions.

There's a difference however. GDPR implies that we do not store data "for longer than necessary". If an account becomes inactive, it is no longer necessary to store information and so it has to be deleted.
This may not apply to other sites, but simply because GDPR is defined pretty vague every company takes a different approach to this, to not risk the huge fines.
Until a lawsuit happens that makes the standards a little more clear, every company will implement their interpretation of GDPR. We take a very serious approach (above the average site you're subscribed to), so it will be up to our legal department to decide if we can or can not legally do this depending on the company's interpretation of GDPR, not other sites around the globe.

For fun, take a look at the GDPR texts and you will see how vague they are in their wording of what can and can not be done. This basically means that judges in lawsuits will need to make the correct interpretation clear, and no company wants to be the first to get up there.

 

[ALessonInPointWhoring]

I've read GDPR quite thoroughly, as have the lawyers that work for sites much larger than Innogames where accounts aren't being deleted. The biggest concern isn't not deleting my account, it's storing my payment information indefinitely should I ever give you it as a means of premium purchase.

I will be amazed if the deletion of accounts that contain large amounts of premium doesn't in itself trigger lawsuits.

Yes, I am aware that your TOS has clauses that imply accounts can be deleted, but TOS are not "get out of jail free" cards, similar to you not being able to put: You agree upon signing up on our site to not sue us for violation of GDPR.

 

[mch123]

If an account becomes inactive, it is no longer necessary to store information and so it has to be deleted.

For the record, I haven't read the GDPR stuff.

The bolded part also implies that it's not required to delete the data. It's probably not what you meant - as I'm guessing GDPR requires that companies delete information they do not need - but it's just something I noticed.

Define "inactive"... in regards to GDPR...

There are many players, myself included, who have taken more than 12 months out and appreciate that our accounts are still here with previous achievements/flags and the ability for old friends to find us by our username.

I know the definition you as a company have provided but, in a court setting, you can't argue that an account is truly inactive when a proportion of the player base have all returned after such a period. Therefore you can surely keep hold of email addresses, username, passwords and in-game purchase records.

Also, if you bought a physical product from a store and then didn't use it for 12 months, the company can't just come take that back. I'd have thought the same should apply to virtual purchases such as premium points. Your customers paid money for that. You really shouldn't have the option to take the product back because "someone isn't using it right now". It's not like it's a subscription that has expired. (Am I wrong about this? Because of some small underlying maintenance cost of "inactive" accounts to the company? Not sure. Seems counter-intuitive.)

As ALessonInPointWhoring mentioned above, you should delete payment information after this time frame as that's sensitive personal information that needs deleting.

 

[JawJaw]

I've read GDPR quite thoroughly

I kind of will stop reading here, because if you had you will notice straight away that it is defined very vague when it comes to "no longer than necessary" and some other definitions. Define "necessary". I'm sure bigger companies have some legal way of giving it a definition where it is legal, we won't simply because we want to be on the safe side and not take any risks, while big companies will take (and are taking) risks.

As I have mentioned before, until some first court rulings occur that give less vague definitions to GDPR, we will be on the triple X safe side of things and not take any risks when it comes to storing information. This is also why it is unlikely this idea will get passed.

The TOS has nothing to do with it. The TOS is made to comply with the law, not to circumvent it.

 

[Asseb]

This is also why it is unlikely this idea will get passed

Quite a shame, but I completely understand that. Since GDPR is very recent, you want to be as safe as possibly until new information about it comes to public in terms of law suits and that sort of problematics.

The problem I have with this is that it’s something good for the company not necessarily for the players, when GDPR changes should be in benefit of players.