There has been a lot of debate over the last week about the terms of EA’s End User Licence Agreement (EULA) for its Origins download service. This is a post to explain why that is a non-story and unfortunately says more about gamers’ misunderstanding of EULAs and data protection than it does about EA (though in fairness EA could have done a better job to explain itself).
(Note: the EA EULA has since been updated with some generic wording about EA’s commitment to data protection, but that doesn’t really change the above wording so I won’t comment on it further).
Here’s some reasons why this clause is not really the kind of huge issue that some have made it out to be:
(2) EA is bound by data protection law in any event
In other words: no software provider has a free hand when it comes to collecting your data (especially with the heightened awareness about data protection following the Sony PSN attacks earlier this year).
(3) This wording is fairly standard
Tech lawyers quite regularly see the kind of wording in the EULA, which enables the software provider to both gather technical data about their users as well as reserve the right to use that data, e.g. for marketing purposes. Here’s a few examples off the top of my head which are similar to the kind of activity proposed by EA:
The Windows 7 EULA: it includes both the right for Microsoft to carry out (relatively invasive) validation checks as well as for its security features to gather “appropriate systems computer information, such as your Internet protocol address, the type of operating system, browser and name and version of the software you are using, and the language code of the computer where you installed the software“.
The Impulse EULA: explains that interactions via their website can include them (via cookies) gathering data about:
“your Internet (IP) address; login and password information; e-mail address; web browser type and version; operating system and computer platform; purchase history, which we may aggregate with similar information from other customers; the full Uniform Resource Locator (URL) clickstream to, through, and from our website, including date and time; cookie number; products you viewed or searched for; areas of our website you visited; and the phone number you used to call our toll-free number. We also may log the length of time of your visit and the number of times you visit and purchase from us.”
Another section explains that they may share that information with third parties, contractors and in connection with promotional offers.
Obviously, this isn’t a killer argument in itself – the fact that a number of software companies approach things in a particular way doesn’t make it right. You could even argue that in some respects what EA proposes go beyond the examples I’ve given. But the point I wanted to make is that there is nothing radically new in what EA is proposing to do.
(4) Software businesses need to collect data about you to provide a better service
I don’t think EA or other software providers collect data about users’ technical data/purchasing history etc etc just for the fun of it – they do it because they want to improve their service to you. What would be the point, for example, in them offering you a game you already own, or a game you couldn’t possibly run, or just simply have no interest in? It’s a waste of time for them and an irritation for you. The solution of course is targeted marketing – for which they need data about you.
That said, I recognise that this is pretty hard to achieve in practice and there are also diverging opinions about it among consumers: some would quite like it, whereas others (probably those who were angry at EA here) don’t want the collection of data that comes with targeted marketing. But anyway, the point is this: businesses like EA often have legitimate reasons for wanting to collect this kind of data.
That said, there is still an issue here
I think the real relevance of this story is that games businesses need to take extra care to explain to gamers exactly what they mean in EULAs, Privacy Policies and other documentation. It’s not enough to set these documents out in legalese and just leave it at that – that may be sufficient as a matter of law (although I have my doubts about some of the particularly legalistic approaches), but it certainly won’t cut it with consumers, as this story has evidenced.
Ideally, they also need to think about how to take care of the segment of their user base who wants to use their service but doesn’t want all the data collection that comes with it. There’s an easy solution: allow people to opt out of the data collection. A clause along the lines of “if you don’t like it, leave” doesn’t help consumers and may be invalid under the data protection laws of some countries. On this front certainly, I think EA could have done a better job (although I appreciate it can mean some quite complicated administrative/tech arrangements to actually make it work).
Moral of the story:
- Games businesses need to have clear, plainly worded and explained legal documentation and ideally give gamers the ability to opt out of the data collection service
- Gamers need to get less hot under the collar sometimes 🙂