Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Bethesda Circumventing GDPR by Sharing Betheda Account Info by Default to Push Zenimax Ads

Delicieuxz
 Share

 

Bethesda Circumventing Data Protection to Push Zenimax Ads

 

Quote

Bethesda may well have breached General Data Protection Regulation with the way they've been pushing ads for Zenimax products (who Bethesda operates under) through the use of the Bethesda Account creation process.

 

As you surely know by now, modern Bethesda games such as Fallout 76 and, potentially, Rage 2, do not use Steam, but Bethesda.net, and this means the creation of new user accounts for buyers. Turns out, Bethesda has been pushing ads for other Zenimax products in a particularly underhanded way.

 

According to a recent Reddit post, a user has noticed that upon the creation of a brand new Bethesda.net account, users automatically opt into seeing Zenimax-related ads on other websites, which is a major no-no according to GDPR, and is moderately worrying even without it.

 

996942619_BethesdaEUaccountpage.jpg.342513fbce5fbe060abdd59d42903fbf.jpg

 

...

 

In accordance with GDPR (which is only valid in the areas of the European Union) such aggressive advertising techniques ought to be opt-in, with them disabled by default. For a concrete example of companies acting according to GDPR, look no further than Steam, where all newly-created user accounts are set to private. It is only afterwards that users have the option to deliberately make their data public.

 

Here's the reddit discussion that the picture originates from.

 

 

If companies see each other ignoring the rules of Europe's GDPR and suffering no consequences for it, then they'll all get into the habit of doing it and the GDPR rules will be worthless. And being so early into GDPR it's important to make sure the set standard is being adhered to. California's Consumer Privacy Act, which is set to take effect on January 1st 2020, will also require opting-in for any data to be both collected and shared. If companies don't follow the rules of GDPR, what will happen with incoming and future consumer privacy and data rights legislation?

 

Also, while the Bethesda data-sharing setting only mentions sharing the account email address I guess with advertising companies, it doesn't mention which other data is associated with the email address that I expect must also be shared in order for targeted advertising on other websites to work. From what I understand, GDPR requires that companies inform users of the specific types of data of theirs that they wish to share with third parties.

 

I'm not using the Bethesda launcher and I'm not in Europe, so I don't know if this has been fixed since the story was reported. Can anyone in Europe confirm whether data-sharing is still enabled by default in the Bethesda user settings?

 

This is another thing that might add to Bethesda's long list of questionable practices.

 

 

 

If you want to report a GDPR violation, the way to do that is by contacting your country's Data Protection Authority.

 

What should I do if I think that my personal data protection rights haven’t been respected?

 

List of EU Data Protection Authorities

Link to comment
Share on other sites

Link to post
Share on other sites

Seriously can someone fucking slap bethesda in the face ?
like. hard enough to maybe spin the earth the wrong way and bring us to a time that wasn't this ?

~New~  BoomBerryPi project !  ~New~


new build log : http://linustechtips.com/main/topic/533392-build-log-the-scrap-simulator-x/?p=7078757 (5 screen flight sim for 620$ CAD)LTT Web Challenge is back ! go here  :  http://linustechtips.com/main/topic/448184-ltt-web-challenge-3-v21/#entry601004

Link to comment
Share on other sites

Link to post
Share on other sites

16 minutes ago, corrado33 said:

Man it's almost like Bethesda is TRYING to beat out EA or something for "worst gaming company of the year." 

There's still 12 more days...

 

Can they make it? 

 

Stay tuned for more T-pose. 

 

T

Cor Caeruleus Reborn v6

Spoiler

CPU: Intel - Core i7-8700K

CPU Cooler: be quiet! - PURE ROCK 
Thermal Compound: Arctic Silver - 5 High-Density Polysynthetic Silver 3.5g Thermal Paste 
Motherboard: ASRock Z370 Extreme4
Memory: G.Skill TridentZ RGB 2x8GB 3200/14
Storage: Samsung - 850 EVO-Series 500GB 2.5" Solid State Drive 
Storage: Samsung - 960 EVO 500GB M.2-2280 Solid State Drive
Storage: Western Digital - Blue 2TB 3.5" 5400RPM Internal Hard Drive
Storage: Western Digital - BLACK SERIES 3TB 3.5" 7200RPM Internal Hard Drive
Video Card: EVGA - 970 SSC ACX (1080 is in RMA)
Case: Fractal Design - Define R5 w/Window (Black) ATX Mid Tower Case
Power Supply: EVGA - SuperNOVA P2 750W with CableMod blue/black Pro Series
Optical Drive: LG - WH16NS40 Blu-Ray/DVD/CD Writer 
Operating System: Microsoft - Windows 10 Pro OEM 64-bit and Linux Mint Serena
Keyboard: Logitech - G910 Orion Spectrum RGB Wired Gaming Keyboard
Mouse: Logitech - G502 Wired Optical Mouse
Headphones: Logitech - G430 7.1 Channel  Headset
Speakers: Logitech - Z506 155W 5.1ch Speakers

 

Link to comment
Share on other sites

Link to post
Share on other sites

43 minutes ago, corrado33 said:

Man it's almost like Bethesda is TRYING to beat out EA or something for "worst gaming company of the year." 

There's actually a video about that.
 

 

Link to comment
Share on other sites

Link to post
Share on other sites

I just watched a few minutes ago a video ( https://www.youtube.com/watch?v=uxV1iGAB48w ) on the Fallout 76 in-game store and how Bethesda is possibly running afoul of deceptive marketing-laws. At this point, none of this stuff is really surprising anymore; Bethesda decided that using a shovel at the bottom of the pit ain't enough anymore and they went with a full-blown tunnel-borer.

 

Hand, n. A singular instrument worn at the end of the human arm and commonly thrust into somebody’s pocket.

Link to comment
Share on other sites

Link to post
Share on other sites

9 minutes ago, WereCatf said:

I just watched a few minutes ago a video ( https://www.youtube.com/watch?v=uxV1iGAB48w ) on the Fallout 76 in-game store and how Bethesda is possibly running afoul of deceptive marketing-laws. At this point, none of this stuff is really surprising anymore; Bethesda decided that using a shovel at the bottom of the pit ain't enough anymore and they went with a full-blown tunnel-borer.

 

I really do wonder if they're going to release "loot boxes" (aka "Lunch boxes"). Geeze if they do.... they must be stupid and have absolutely no online presence at all. 

 

Honestly I don't see a lot of good coming from bethesda in the future. Their gaming engine was outdated for skyrim, and they've continued to use it for 2 fallout games, and AT LEAST 2 more games (including the next TES game.) Like are they just expecting it to be ok for that? People are ALREADY complaining of the engine flaws for fallout 4... freaking 3 years ago. How is that going to go down in freaking 2021 when TES VI actually gets released? 

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, corrado33 said:

Man it's almost like Bethesda is TRYING to beat out EA or something for "worst gaming company of the year." 

guess they have this title already for this year. Just a few days ago they announced lunchboxes loot boxes for fallout.

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, James Evens said:

guess they have this title already for this year. Just a few days ago they announced lunchboxes loot boxes for fallout.

They did? I thought that was just a rumour.

Hand, n. A singular instrument worn at the end of the human arm and commonly thrust into somebody’s pocket.

Link to comment
Share on other sites

Link to post
Share on other sites

Last time I checked for GDPR, it doesn't matter where company is, it matters where USER is from. You can create billion accounts and if you're from EU, they have to respect the GDPR privacy laws. I have no clue how creating a Bethesda account magically circumvents GDPR then for EU users...

AMD Ryzen 7 5800X | ASUS Strix X570-E | G.Skill 32GB 3733MHz CL16 | PALIT RTX 3080 10GB GamingPro | Samsung 850 Pro 2TB | Seagate Barracuda 8TB | Sound Blaster AE-9 MUSES Edition | Altec Lansing MX5021 Nichicon/MUSES Edition

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, WereCatf said:

They did? I thought that was just a rumour.

just a rumor? give them 12 days :D 

 

Only hope for skyrim is that they are years away from a release and have enough time to figure out if this is the right way. Evil within 3 might be never reality and prey was released last year.

Link to comment
Share on other sites

Link to post
Share on other sites

I thought if you are informed in the terms you agree to then it isn't against GDPR.

 

It seems like a bet they are willing to take they will make more $$ out of this than the cost to reputation through internet campaigns or lawsuits. 

 

My take at the moment is that there are so many people bitching and whinging about everything on the net that most campaigns are little more than an itch to these companies, EA has been the butt of many large viral anti consumer campaigns for the better part of 5-6 years now and people still buy their games, still sign up to the accounts, still hand over pre order money, EA are still a big player.   

 

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, mr moose said:

I thought if you are informed in the terms you agree to then it isn't against GDPR.

 

It seems like a bet they are willing to take they will make more $$ out of this than the cost to reputation through internet campaigns or lawsuits. 

 

My take at the moment is that there are so many people bitching and whinging about everything on the net that most campaigns are little more than an itch to these companies, EA has been the butt of many large viral anti consumer campaigns for the better part of 5-6 years now and people still buy their games, still sign up to the accounts, still hand over pre order money, EA are still a big player.   

 

 

I think one of the main problems is long difficult-to-read license agreements. You can argue it's fair game but they're made that way for two reasons: to be bullet proof legally and to deter users from knowing what they agree too.

 

There's an easy fix: give two versions. One version being the full document with all the legalese and another in an easy and accessible format and language. Companies don't have any interest in doing the latter because they risk people being informed and passing on their product.

 

I'll admit that many would probably agree anyway. For example I'm positive that people would still buy iPhones even if Apple had an egregious policy because it's an iPhone. 

Link to comment
Share on other sites

Link to post
Share on other sites

4 hours ago, RejZoR said:

Last time I checked for GDPR, it doesn't matter where company is, it matters where USER is from. You can create billion accounts and if you're from EU, they have to respect the GDPR privacy laws. I have no clue how creating a Bethesda account magically circumvents GDPR then for EU users...

It doesn't. They're in violation of the law.

 

@Delicieuxz Perhaps link to where EU users of Bethesda's launcher should go to complain about this breach of GDPR.

 

For the UK it's here: https://ico.org.uk/make-a-complaint/

 

but idk about the rest of the EU or other countries.

Judge a product on its own merits AND the company that made it.

How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill

Oneplus 7T (Mid 2021 to present), HP Envy 15" x360 R7 5700U (Mid 2021 to present)

Samaritan XTXH (Early 2021 Upgrade - AMD Ryzen 9 3900XT (12C/24T)  (2021) , MSI X370 Gaming Pro Carbon, Corsair 32GB Vengeance LPX DDR4-2666 (2020) ,  AMD Radeon RX 6700XT 12GB (Mid 2021), Corsair RM850i PSU, Noctua NH-D15 CPU Cooler (2021), Samsung 860 EVO 500GB SSD, Seagate BarraCuda 6TB HDD (2020) , NZXT S340 Elite, Corsair ML 120 Pro, Corsair ML120 x2 (2021)

Link to comment
Share on other sites

Link to post
Share on other sites

2 hours ago, mr moose said:

I thought if you are informed in the terms you agree to then it isn't against GDPR.

 

It seems like a bet they are willing to take they will make more $$ out of this than the cost to reputation through internet campaigns or lawsuits. 

 

My take at the moment is that there are so many people bitching and whinging about everything on the net that most campaigns are little more than an itch to these companies, EA has been the butt of many large viral anti consumer campaigns for the better part of 5-6 years now and people still buy their games, still sign up to the accounts, still hand over pre order money, EA are still a big player.   

 

 

It is if it's hard to understand the terms. GDPR require you to be informed in a relatively easy to understand way if I remember right.

“Remember to look up at the stars and not down at your feet. Try to make sense of what you see and wonder about what makes the universe exist. Be curious. And however difficult life may seem, there is always something you can do and succeed at. 
It matters that you don't just give up.”

-Stephen Hawking

Link to comment
Share on other sites

Link to post
Share on other sites

2 hours ago, mr moose said:

I thought if you are informed in the terms you agree to then it isn't against GDPR.

 

It seems like a bet they are willing to take they will make more $$ out of this than the cost to reputation through internet campaigns or lawsuits. 

The problem here is that consent cannot be opt out. It needs to be opt in.

 

By having the checkboxes already checked by default they are in violation.

Judge a product on its own merits AND the company that made it.

How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill

Oneplus 7T (Mid 2021 to present), HP Envy 15" x360 R7 5700U (Mid 2021 to present)

Samaritan XTXH (Early 2021 Upgrade - AMD Ryzen 9 3900XT (12C/24T)  (2021) , MSI X370 Gaming Pro Carbon, Corsair 32GB Vengeance LPX DDR4-2666 (2020) ,  AMD Radeon RX 6700XT 12GB (Mid 2021), Corsair RM850i PSU, Noctua NH-D15 CPU Cooler (2021), Samsung 860 EVO 500GB SSD, Seagate BarraCuda 6TB HDD (2020) , NZXT S340 Elite, Corsair ML 120 Pro, Corsair ML120 x2 (2021)

Link to comment
Share on other sites

Link to post
Share on other sites

I just had a quick read of part of Bethesda's privacy policy and the way they put it, it sounds like it should be opt in and definitely not opt out. And it also sounds nothing like described in the OP.

 

Quote

E. Subscribing to Emails, and Participating in Sweepstakes, Contests, Surveys and Similar Activities. Users can sign up online or in-person (e.g., at tradeshows, conferences and the like) to receive direct marketing communications from us, including emails about game launches, developments, and upcoming releases. If you agree to receive direct marketing communications from us, we collect your email address, and we may also collect your name, preferences, and, if relevant, information about your account and the Services and other games you use. We may also run contests, sweepstakes or other events or activities (collectively, "events") on our websites and social media channels. Information collected for these events may include your name, age, email address, and other information.

 

Quote

J. Information from Third Party Sites. We also may use third party tools to help us manage and analyze our social media presence, and report on comments, mentions and other content that is posted about us on social media sites and other public channels and forums. These third parties' activities, and their information collection and sharing practices, are subject to the terms of the relevant social media site, channel or forum. We will use this information in accordance with this Policy.

 

Judge a product on its own merits AND the company that made it.

How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill

Oneplus 7T (Mid 2021 to present), HP Envy 15" x360 R7 5700U (Mid 2021 to present)

Samaritan XTXH (Early 2021 Upgrade - AMD Ryzen 9 3900XT (12C/24T)  (2021) , MSI X370 Gaming Pro Carbon, Corsair 32GB Vengeance LPX DDR4-2666 (2020) ,  AMD Radeon RX 6700XT 12GB (Mid 2021), Corsair RM850i PSU, Noctua NH-D15 CPU Cooler (2021), Samsung 860 EVO 500GB SSD, Seagate BarraCuda 6TB HDD (2020) , NZXT S340 Elite, Corsair ML 120 Pro, Corsair ML120 x2 (2021)

Link to comment
Share on other sites

Link to post
Share on other sites

11 hours ago, AluminiumTech said:

It doesn't. They're in violation of the law.

 

@Delicieuxz Perhaps link to where EU users of Bethesda's launcher should go to complain about this breach of GDPR.

 

For the UK it's here: https://ico.org.uk/make-a-complaint/

 

but idk about the rest of the EU or other countries.

Good idea. I've added links to the OP.

 

 

11 hours ago, AluminiumTech said:

I just had a quick read of part of Bethesda's privacy policy and the way they put it, it sounds like it should be opt in and definitely not opt out. And it also sounds nothing like described in the OP.

Like I mentioned in the OP, I'm not in Europe and I don't use the Bethesda launcher, but I checked what my Bethesda website account preferences are set to, and it has a different screen entirely than what is shown in the article, was set by default like this:

 

1747329950_Bethesdaaccountpreferences.PNG.a03a8b3b0651676ed9de7884df0be86d.PNG

 

 

The OP article shows the default Bethesda account settings page to be like this:

 

1768162107_BethesdaEUaccountpage.jpg.6daed0963663a1c8b26137c0526949b0.jpg

 

 

Here's the reddit discussion where the picture originates from: https://removeddit.com/r/Games/comments/a613su/bethesda_account_creation_i_would_like_to_see/

Link to comment
Share on other sites

Link to post
Share on other sites

4 hours ago, mr moose said:

I thought if you are informed in the terms you agree to then it isn't against GDPR. 

Disclaimer: I am not a lawyer.

 

The way I understand it, GDPR requires services to:

1) Inform the users in a clear manner what is being collected and for what purposes. Hiding something in an overly long and difficult to read document does not count.

2) Require users to opt-in to having their data collected. It should not be opt-out. Pre-selected preferences do not count as giving consent.

3) Users of the service must have a way to not have their data collected if they do not desire (assuming the data is not absolutely critical to the main functionality of the service, for example GPS location for a map service).

 

You can no longer present a user with a several hundreds of pages long legal document and go "click here if you agree" and then do whatever you want with their data because "they agreed to our terms".

 

 

Source:

Quote

Consent checkboxes (or yes/no options) – “I accept the terms and conditions” would no longer be sufficient to claim that the user has given their consent for processing their data. So, for each particular processing activity there should be a separate checkbox on the registration (or user profile) screen; or clear yes/no buttons. You should keep these consent checkboxes/buttons in separate columns in the database, and let the users withdraw their consent (by unchecking these checkboxes from their profile page – see the previous point). Ideally, these checkboxes should come directly from the register of processing activities (if you keep one). Note that the checkboxes should not be preselected, as this does not count as “consent”. Another important thing here is machine learning/AI. If you are going to use the user’s data to train your ML models, you should get consent for that as well (unless it’s for scientific purposes, which have special treatment in the regulation). Note here the so called “legitimate interest”. It is for the legal team to decide what a legitimate interest is, but direct marketing is included in that category, as well as any common sense processing relating to the business activity – e.g. if you collect addresses for shipping, it’s obviously a legitimate interest. So not all processing activities need consent checkboxes.

 

Link to comment
Share on other sites

Link to post
Share on other sites

Man all the bad news about Bethesda in the past... month? feels like Im watching somebody falling down the up escalator..

Link to comment
Share on other sites

Link to post
Share on other sites

10 hours ago, LAwLz said:

Disclaimer: I am not a lawyer.

 

The way I understand it, GDPR requires services to:

1) Inform the users in a clear manner what is being collected and for what purposes. Hiding something in an overly long and difficult to read document does not count.

It does that in the website screenshot they linked. It specifically says sharing your email to provide ads.

10 hours ago, LAwLz said:

2) Require users to opt-in to having their data collected. It should not be opt-out. Pre-selected preferences do not count as giving consent.

That sounds fair enough,

 

10 hours ago, LAwLz said:

3) Users of the service must have a way to not have their data collected if they do not desire (assuming the data is not absolutely critical to the main functionality of the service, for example GPS location for a map service).

Not too sure about that, because not using the service is also an option.  The GDPR doesn't seem to claim that you must provide a service without data collecting conditions attached here:

https://eugdpr.org/the-regulation/

 

10 hours ago, LAwLz said:

You can no longer present a user with a several hundreds of pages long legal document and go "click here if you agree" and then do whatever you want with their data because "they agreed to our terms".

 

I read that in the GDPR, but the screenshot doesn't require you to read any terms beyond the one sentence.  It seems to meet the criteria for a short easy to understand condition, the only issue is whether it is opt in or out. 

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites

Link to post
Share on other sites

I saw a shitpost somewhere that was lik e
"only 6 more bethesda scandals until Christmas!" 

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to comment
Share on other sites

Link to post
Share on other sites

5 hours ago, mr moose said:

It does that in the website screenshot they linked. It specifically says sharing your email to provide ads.

It looks to me as though are three issues with it that violate GDPR rules:

 

1. It is not declared to the account holder, and is only discoverable for the account holder by them looking through the settings.

 

2. It is configurable only after the account creation.

 

3. It is auto-checked.

 

Quote

I read that in the GDPR, but the screenshot doesn't require you to read any terms beyond the one sentence.  It seems to meet the criteria for a short easy to understand condition, the only issue is whether it is opt in or out. 

I believe that GDPR requires that the information on the collection of data has to be presented before the fact. The Bethesda account settings page does it only after the fact, and doesn't put it where a person will unavoidably see it.

Link to comment
Share on other sites

Link to post
Share on other sites

I don't know what Bethesda are doing right now, they've lost more goodwill in one year than I can remember. They were so beloved by the PC community...

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×