One more question

[mazoku]

I know that here are not business oriented people but how the new GDPR relates to arcade sites embedding games from third parties like game distribution and such? 

[b10b]

Ask your DPO

Which areas have you ticked off:

• Breach Notification
• Customer Consent
• Data Protection Officer
• Data Portability
• Data Requests
• Increased Territorial Scope
• Privacy by Design
• Right to Access
• Right to be Forgotten
• Terms of Service

As a first step write up a "Data Protection Plan" with these as headings, detail your processes involved in each - and how they relate to your services and partnerships.  Seek third party expertise as appropriate.  Reference and review regularly so it becomes cultural and part of every process.

[mazoku]

Anyway I think there won't be more small arcades embedding other games because of fear of the gdpr. 

Also you don't need DPO in most of the cases. 

[mazoku]

By the way you are happy to be in Canada. Just block the EU and thats it. I want to move. 

[BobF]

5 hours ago, mazoku said:

By the way you are happy to be in Canada. Just block the EU and thats it.

No need to block the EU. For companies outside of the EU, GDPR only applies if the company targets EU residents. For example, if your game provides European translations, or your IAPs allow the user to specify price in EU currencies, or if your site is a co.uk domain, or if you directly advertise or promote to EU residents, etc, etc. If there is nothing about your game or site that can be construed as targeting EU residents, and you have no presence in the EU, then you can ignore GDPR.

[b10b]

Ignoring GDPR might be ok for non-EU markets in the short term.  But if gaming is a global market with a global audience why delay?  The GDPR regulations represent good practice (and what Generation-Z expect, EU or otherwise) - and a process-oriented small business will already be (mostly?) compliant.  I think the commercial incentive will become more apparent over the next 6-12 months, as dealing with non-EU parties in non-EU territories will soon stipulate GDPR compliance for their vendors (a trickle-down effect).  Entrepreneurs, you're now a DPO

[mazoku]

I want to ignore it but we are in EU. Mostly for the bad stuff. Never for the good stuff.

Now you have to ask the visitor - do you like to watch ads and he can choose no. If yes - you ask again - do you like to watch personalized ads? Who will choose yes? So it looks we are working for free already. 

Simple cookie consent is not enough and is not compliant.

And I don't see how this stuff is good. Its disaster for businesses. Especially for small ones. Facebook for example won't have a problem, its users are stupid enough. 

[mattstyles]

1 hour ago, mazoku said:

Facebook for example won't have a problem, its users are stupid enough. 

This is an extremely glib statement. FB track users in a myriad of ways, all of which must now be exposed to users, that is extremely beneficial to users of any product.

Whether it actually has an effect or not is not yet known, but most companies are tracking how users respond to their tracking preferences (which, in itself, is interesting). The point is that providers are now required to give end users more information about what their product does, this puts these issues in the minds of the end users, which is a good thing as many people are not tech savvy and have little understanding what the implications are for them. Most ignore it completely as they don't understand it, but the point is that many will now start questioning what these things mean for them and that is a wholly good thing.

GDPR also covers things like the right to be forgotten (for free) and the subject access request (for free) as well as a host of other things. Whilst annoying for companies and developers most are already compliant with many of the regulations and its a great thing for users.

I don't know how it impacts advertising but isn't tracking consent enough? So long as you explain why you are using cookies (or other persistence) and what you are tracking the advertising video bit becomes irrelevant no?

[mazoku]

Because of this stuff I am unpublishing most of my apps on my personal android account. They are old and not making much but I don't want to risk. My company apps need update but I am not sure with Admob what I need to add to them. 

[mazoku]

And one more question. When you record the positive consent of a user, what data for the user you record?

[bambo]

https://support.google.com/admob/answer/7666366?hl=en
Here is probably the best source of information on what you need to do to meet GDPR requirements in your mobile games. At the very bottom of this page you can choose language (hope your mother tongue is there). 

[mattstyles]

12 hours ago, mazoku said:

And one more question. When you record the positive consent of a user, what data for the user you record?

Very little, and nothing that could be construed as PII.

Could literally be a single key/value pair in local storage: `consentAll: true`. You must then use that value in subsequent visits to the site to control behaviour (in your case this could be used to turn Admob on or off).