I just noticed that Minecraft now has a Telemetry Data Collection section in the Options, which cannot be turned off, only set to "minimal".
This is illegal in the European Union. The GDPR forbids forced collection of personally identifiable information that is not essential to the service offered. You may ask for permission to collect it, but you may not make access conditional on that permission. The "minimal" setting includes the user ID, which is certainly PII, and so may other fields be.
It must also be opt in. You cannot enable it by default and bury the opt out in the settings.
The maximum fine that can be levied under the GDPR is 4% of annual global turnover, for which Microsoft is now potentially liable.
This requirement cannot be waived by general terms and conditions or EULAs. Facebook just lost a case about that. I see other tickets about this have been closed as "won't fix". If Microsoft's legal department is relying on similar arguments as Facebook, which seems likely, they will probably also lose that argument.
Hopefully Microsoft will allow this to be turned off. If not the next step will be a complaint to IMY.
Linked issues
duplicates 1
Comments 4
Mojang's legal team is wrong. Do NOT keep pawning off this issue by hiding behind your legal team. I will now proceed to register a GDPR complaint against Microsoft.
That's absolutely correct. Sadly, I think MS sees the collection of data as a benefit to their company and probably thinks that as a massive company their expensive lawyers can find loopholes in the law, basically making them untouchable. In fact, I believe that MS actually KNOWS what they are doing is illegal, but literally doesn't care, because they think they are too big to lose in court. They disabled the snooper function only until they felt they could be sneaky enough to bring it back without notice, or until their hubris finally got strong enough they finally thought they were truly untouchable. So I hope you actually do follow through and file the report though, and hopefully the courts in the EU will sue MS and win. Until MS changes it back to being GDPR compatible, I'm just going to not play the latest version of Minecraft anymore. I don't want personal information to be on servers. Even servers of big corps like MS's internal servers where the data is held are not unhackable. A smart enough hacker could eventually hack them and steal the data. And if all that player data does get leaked to the dark web, then all the players are screwed. Well I wont be one of them. I'll not play any version of Minecraft that either has it permanently enabled or that has it enabled by default (even if switching it off is possible). Because all it takes is ONE TRANSMISSION of telemetry data to be sent, for MS to now have a HUGE trove of personally identifiable information on you, that you can only get rid of by literally buying a new computer (so the telemetry data about your computer is now obsolete).
Duplicate of MC-237493, according to Mojang's legal team, the limited required data does not break GDPR law.
Do NOT intentionally create duplicate reports.