April 29, 2025, 9:07 am | Read time: 3 minutes
It is one of the largest international gaming companies. However, data protection advocates are now accusing Ubisoft of espionage.
Despite advances in internet connection speeds and the general popularity of online multiplayer experiences, many people still prefer to wander through virtual worlds alone in video games. For them, there are plenty of titles available that technically make an internet connection unnecessary. Nevertheless, it sometimes happens that you need to be online even for a single-player game—especially with games from certain publishers. This is why an organization has accused Ubisoft of spying on players.
Ubisoft Accused of Spying for Player Data
It seems logical: If you only want to play alone and don’t want to use any additional online services, an internet connection shouldn’t be necessary. Nevertheless, Ubisoft, among others, requires single players to not only log into the network but also stay connected for the duration of the session.
The Austrian data protection organization noyb (None Of Your Business) is upset about this. They accuse Ubisoft of spying in this way. In a statement, they write that you are required to log into the network and the Ubisoft customer account even if there is no online function for the specific title. Allegedly, the company collects data this way, such as when someone starts a game, how long the session lasts, and when it ends.
Data Reportedly Passed on to Google, Amazon, and More
The data protectors refer to a specific case that ultimately led to an official complaint being filed. A customer had purchased the game “Far Cry Primal” and wanted to play it offline. However, this did not work, and he was forced to set up a customer account. Subsequently, he wanted to learn more about Ubisoft’s practices and made an information request under Article 15 of the GDPR. In response, he received information about the timing and duration of his gaming session.
However, he discovered through further personal research that within just ten minutes of playing, connections to external servers were made 150 times. In doing so, he found data being transmitted to, among others, Google, Amazon, and the U.S. software company Datadog.
In further inquiries, Ubisoft reportedly claimed that the login was merely to verify the legal purchase. Furthermore, the End User License Agreement (EULA) states that personal data is collected “to provide a better gaming experience” and that third-party analytics tools are used to obtain information about gaming habits, gameplay, login, and browsing data.
Fines in the Millions Possible
What is interesting about the story is that not only did the affected player not explicitly consent to the data processing, but allegedly, there was even a hidden offline function for playing. This shows that data collection as a standard is fundamentally unnecessary. Without the player’s consent, this is not lawful under Article 6(1) of the GDPR.
Therefore, a complaint was filed with the Austrian Data Protection Authority (DSB). Additionally, the data protectors propose a fine. This could amount to up to 92 million euros.
Payment Provider Klarna Analyzes Customer Bank Statements
“Assassin’s Creed Shadows” Revueweded — a Return to the DNA of the Series
Ubisoft Responds to Player Criticism and Postpones “Assassin’s Creed Shadows” Again
How Ubisoft Responds
TECHBOOK asked Ubisoft for a statement on the allegations. We received the following response:
“We are aware of the complaint and are investigating it. Ubisoft is committed to protecting the personal data of players on our websites and in our games. For games that support offline modes, an internet connection is only required at the first launch to validate the purchase and link the game to the player’s account. Players retain control over their personal data through our dedicated privacy center. We continuously work to ensure transparency and support our community with clear, accessible privacy tools.”
Ubisoft spokesperson