close
close

Once Human is in the spotlight amid a storm of data privacy concerns over government data collection policies

Posted on by darion

Free-to-play open-world survival shooter Once Human has spent its first week in the wild facing a series of complaints about its data collection practices, many of which stem from publisher NetEase’s privacy policy, which states that personal data collected from users may include “government-issued identification documents, such as passport data, as required by applicable laws regarding age verification and correction of personal information.”

In response to negative user feedback (the game had a Mostly Negative rating on Steam upon release, but its rating was later increased to Mixed) and social media feedback, the game’s creators, Starry Studio, published a blog post in which they assured that they have no malicious intent with users’ personal data, or at least that they have no malicious intent than any other video game that collects such information.


You can read NetEase’s privacy policy here . The main point of contention is the section directly under “Personal information we collect from you.” This includes “name and contact information,” “such as name, title, prefix, email address, phone number, (instant) messaging account, postal address, date of birth, age, gender, country/region, and government-issued identification such as passport information, as required by applicable laws regarding age verification and correction of personal information.”

Another thing users have noticed is that NetEase can (with consent) collect “location information…such as IP geolocation information, mobile identifier, and Wi-Fi connection location” via third-party services and platforms, which will of course have their own data collection policies. There’s a lot more in the document. If the game worries you, I encourage you to review it in its entirety.

Here’s Starry Studio’s post on Steam in response to privacy concerns. “Once Human takes the privacy of our users’ data very seriously,” it reads. “We only use personal data when we have a legitimate legal basis to do so, such as to provide the services you have requested or to act with your explicit consent. We will only use your data lawfully and reasonably, and in accordance with local legal requirements, while adhering to data privacy principles such as data minimization, purpose limitation, and transparency. We appreciate and welcome any feedback from our players that will help us improve.”

The statement noted that if players have specific concerns about the NetEase launcher, they can play Once Human through Steam or the Epic Games Store.

“We sincerely apologize for any confusion or uncertainty our players have experienced,” it continued. “We hope this clarifies the above, and we assure you that we will continue to maintain a transparent, player-friendly gaming environment, not only because the law requires it, but also because it is the right thing to do.”

As PCGamesN noted, NetEase isn’t the only company collecting this type of data. ZeniMax Media’s privacy policy, for example, states that “in limited circumstances” they may collect “Social Security Number, driver’s license, precise geolocation, and personally identifiable information collected and analyzed regarding a consumer’s health.” Blizzard’s privacy policy similarly specifies that “in some very rare, specific, and limited cases, we may ask you to provide a partially obscured copy of a document or government-issued ID to verify your identity, location, and/or account ownership in order to fulfill our legal obligations.”

Again – and at the risk of coming across as an overprotective pedant and trying to give you homework – it’s worth reading these documents in their entirety if you have concerns about how the games in question handle your data.

As Gamesradar reports, Jason Thor Hall, a former Blizzard and Amazon developer who is now the chief strategy officer at Offbrand Games, believes the online reaction to Once Human’s privacy policy is “scaremongering.” In a post on Xitter on Wednesday, he commented that the policy does not require you to actively provide the personal information you provide in the “Name and Contact Details” section.

“The general internet has perverted this into a requirement and a privacy issue,” Hall wrote. “It is not. They are only sent to the company when required by applicable local laws. That is why it says ‘Receive from you’ and ‘as required by applicable laws.’ In some countries, government-issued IDs are required to access live games. If you are not located in one of those countries, you are obviously not asked or required to provide these documents.”

My rather unassuming tl;dr: I think video games in general suck up so much of our personal data, especially in countries whose governments keep their citizens under tight control. Based on my own reading of the Once Human TOS and the comment above, I don’t think NetEase in particular is doing anything out of the ordinary.

While many of the concerns I’ve read about Once Human’s data collection seem genuine and valid, I think there’s a touch of Sinophobia in some of the angry reactions, as well as an accompanying rejection of how much of our private lives we’ve normalized by entrusting nice, safe Western companies like Valve and Epic. It would be helpful if the furor over Once Human — which, privacy issues aside, doesn’t sound like a great game — could help fuel a broader conversation about these issues.