Core Allegations

Game launch only possible with an internet connection, even for offline titles (e.g., Far Cry Primal). In doing so, Ubisoft collects personal data such as:

1. Start and play times
2. Duration of gameplay
3. Connections to third parties such as Google, Amazon, Datadog

The data processing takes place without valid consent, which is unlawful under Art. 6(1) GDPR.
Technical Analysis by the Player
Within 10 minutes of gameplay, the following were observed:

1. 150 DNS requests
2. 56 connections to external servers

Ubisoft only claimed this was for ownership verification, but in reality refers to extensive data collection in its privacy policy (including use of third-party analytics tools, game data, login data, etc.).
Demands by NOYB

1. Deletion of all affected data
2. Cessation of unlawful data collection
3. Imposition of a GDPR fine – theoretically up to 92 million euros, based on Ubisoft’s annual revenue (over 2 billion euros)

A successful outcome of the GDPR complaint against Ubisoft would establish that forced online connections for offline games without a valid legal basis are unlawful. This would send a strong signal to other publishers using similar practices (forced services by Valve Corporation, Unity Technologies, Epic Games, Inc., Electronic Arts, Inc. Microsoft Corporation, Bethesda Softworks, LLC, and many more) and could proactively lead to more privacy-friendly adjustments.

For users, this would mean a stronger position in relation to major game developers.

Source

Do you like to play alone? Ubisoft is still watching you!