Privacy advocacy group noyb has filed a formal complaint against game developer and publisher Ubisoft, accusing the company of unlawfully collecting data from players of single-player games. These titles are meant to be played without interacting with others, yet Ubisoft still requires an online connection and forces users to log in with a Ubisoft account, according to noyb. The organization was founded by well-known privacy activist Max Schrems.
The case was triggered when a gamer requested access to the personal data Ubisoft had stored about him. In response, Ubisoft disclosed details such as a unique player ID and timestamps showing when the game was launched, how long it was played, and when it was closed. During just ten minutes of gameplay, the game reportedly connected to external servers—including Amazon, Google, and Datadog—over 150 times.
Ubisoft claims the online connection is necessary to verify game ownership during startup. However, noyb argues that players were never asked to consent to this kind of data processing. Under the GDPR, personal data can only be processed if it’s strictly necessary. Since ownership of the game is already verified through platforms like Steam, noyb says this requirement doesn’t apply in Ubisoft’s case.
Additionally, Ubisoft has a hidden option that allows players to run the game offline, which further proves that always-online functionality—and the associated data tracking—is not essential, according to noyb. “And even if it were necessary, that wouldn’t justify the extent of data collection happening during gameplay,” the group argues. If Ubisoft wants to gather data to improve its games, it must first obtain users’ consent. “It doesn’t seem legal for a player’s PC to constantly send reports by default,” the organization states.
“Video games are expensive, yet companies like Ubisoft still force customers to play offline games online just to monetize their behavior,” said noyb attorney Lisa Steinfeld. “Ubisoft’s practices are clearly unlawful and must be stopped.”
The complaint has been submitted to Austria’s data protection authority. Noyb is requesting a formal ruling that Ubisoft’s data collection practices violate the GDPR, as well as an order to delete the personal data in question. The group is also calling for a fine, which could theoretically reach up to €92 million.