AppGameKit Classic Chat / GDPR and Apps

Shock (AGK Developer, 22 Years of Service, Joined: 24th Oct 2002, Location: United Kingdom)
Posted: 26th Apr 2018 15:11
Hi all,

I've been wondering how the new GDPR regulations affect apps that we develop (as hobbyist app developers). I thought I'd create this thread because I couldn't find any other information about GDPR on the TGC forums. Has anyone been working towards GDPR compliance with your AppGameKit apps? Are there any app changes or documentation you've needed to make?

So first of all, I assume we all need Privacy Policies for our apps. This is something that most people probably already have, as it's a Google Play Store requirement to have a Privacy Policy before you can list your app. However, GDPR has some very special requirements for that policy, that may need adding, such as your contact details, details of who else has access to any data, purposes of holding the data, etc:
https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/privacy-notices-under-the-eu-general-data-protection-regulation/

When we add advertisements (such as from Admob), does that mean we're passing personal information onto Google? Or at least allowing the "ad provider" to gather that information themselves using the app?

Something as simple as an online high score system means we're storing personal information. A user-provided nickname is classed as "Personal Data". Storing it in a database etc requires consent. You'd then need a data processing agreement with your webhost?

My apps are relatively simple - I've never created a mobile app with a login system, or one that needs to track users or store data online, I could imagine it to be a minefield if your app needs that functionality. I've spent a little bit of time looking into GDPR, and it seems like quite a big hurdle to safely implement for the solo hobby app developer, even for the most basic apps.

Does anyone feel like their app is GDPR compliant?

Thanks,
Shock.

Carharttguy (8 Years of Service, Joined: 8th Jul 2016, Location: Belgium)
Posted: 26th Apr 2018 16:41
Hi

I have regular meetings with the GDPR officer in our organization, and the main thing to do is: Do not overdo.
Just tell clearly to your customers in a privacy policy WHAT you are saving, WHY you are saving that, to WHO you are sharing and WHY you do that. Also mention what you do to protect the data from leaking.

You shouldn't care about admob too much, they are gathering data, not you.

Are you sure a nickname is classed as personal data in every case? I think it's only the case if it can point to 'real' personal data within your database (e.g., a nickname linked to an IP)

Shock (AGK Developer, 22 Years of Service, Joined: 24th Oct 2002, Location: United Kingdom)
Posted: 30th Apr 2018 15:57
Hi,

Thanks for the reply. In principle I generally do agree about the idea of "do not overdo", however I'm not sure if that's the intention of the EU when they created the regulations. The way it has been interpreted in the organisation I work for is that non-compliance isn't an option (it would be literally breaking the law, leaving us open to £20 million fines).

The way I personally interpret GDPR for hobbyist developers is that there are two options, either ensure 100% compliance, or cease activities before 25th May.

It does appear that a simple nickname ("online identifier") is classed as personal data:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/
Quote: "a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier"


Another point in the regulations is that third-party providers (including your webhost) must be GDPR compliant to host the database, and you must have a written contract in place.

Personally, my apps were released not-for-profit, and I don't currently have the personal resources (time or money -- or lawyer knowledge) to ensure 100% compliance with the regulations. Not complying with the regulations isn't really an option. I have unpublished all of my apps because it's far easier than ensuring they comply with GDPR.

Tumira (9 Years of Service, Joined: 28th Oct 2015)
Posted: 22nd Jun 2018 18:42
New updated AppGameKit has included GDPR support. Have you guys tried those? Also is it possible to just disable the games or apps in ALL of EU countries? Do we need to select one by one?

Ortu (DBPro Master, 17 Years of Service, Joined: 21st Nov 2007, Location: Austin, TX)
Posted: 27th Jun 2018 18:45
Doesn't matter if you block EU countries, it still applies for EU citizens living/working/traveling outside the EU.
http://games.joshkirklin.com/sulium

A single player RPG featuring a branching, player driven storyline of meaningful choices and multiple endings alongside challenging active combat and intelligent AI.

Mac (19 Years of Service, Joined: 18th Jan 2005, Location: London)
Posted: 28th Jun 2018 07:29
With regards to high score tables, etc. GDPR states that no data that doesn't have a purpose should be kept. So a high score table has a purpose.
It also says that all data must be anonymised, so as long as you are simply keeping a score, and not a username along with it you are fine.
If you are keeping a username with it, you need to ensure the data is encrypted at all times.

It's a bit more complicated than this but this is the essence of it.
/\\/\\@<
