The last sentence is the continuation of the first sentence, the sentences in between only explain why the first sentene is true;
i.e. the meaning was that lobby userdata becomes anyonymous if the IPs are gone.
So I can clarify that.

But are there further exemptions from that state? It's equivalent to the question whether we are obligated to be able to enforce the use policy in every forum post and chat message since the beginning of forum posts (i.e. if we had to proofread before allowing forum posts to be published, i.e. removing the instant from instant messaging))

It would be easier for us to have the computers handle that, but it will require lots of coding and has to be secured against abuse too.

Maybe a bit of coding, but certainly worth a ticket

Following art 15 and 16 we need some lines on rectification and erasure of accounts (for now probably just the e-mail but some lobby buttons would be nice in the future)

a space too many

You probably refer to Art 17 Right Of Erasure more than 15 and 16. https://gdpr-info.eu/art-17-gdpr/

But that right is rarely given, especially because we dont process with consent and only process the minimum for performing services and project development

where one of the following grounds applies
the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1)

I don't think we need erasure of accounts, but the erasure of IP addresses.
It's related to the above paragraph claiming it's anonymous data if the IP is gone.
You have to consider that deletion of an account means that someone else can recreate the same account and thats kind of an impersonation problem, so we better ban an account if a user wants to stop being able to login.

indeed meant 16 (rectification) and 17 (erasure)

the only point for 17 I see relevant for us is a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; but as the ip-address is collected for Abuse and we delete everything after 2 years, we can argue we still "need" the data for that period. (Don't know if we need to explain this here)

Rectification probably can't occur as the current IP address will always be correct

Doesn't requiring authentication mean gathering even more personal data ?

Not sure the P should be a Capital.

I am not sure of the legal meaning of "for example", so maybe "including, but not limited to" would be more accurate.

"refers to the algorithmic processing of player match statistics"

Also add at the end: ""Rating" also refers to the aforementioned comprehensive score". (See the next bulletpoint for an example of that usage)

Which port number are we speaking of here? Time of connection and presence changes are in the Lobby Chat, am I wrong?

If only the IP address is actually stored for moderation purposes only, I think this should be 2 years like in the next section.

Looks good to me.

This key issue seems to state that if the user is below 16 (or 13 if the national law states it), we need parental consent, since our service is open to both children and adults. So maybe add a sentence about parental consent that applies to the whole policy, and don't make this specific sentence dependent on the user's age.

Do you mean "not verifiable by us" or is it a wording with a specific meaning?

Do you mean pseudonymous instead of anonymous? And when you say "stop using", do you mean terminating the account, or just stopping using it? Maybe rewrite it like you planned to and I'll comment on that.

"file a personal data request"

The idea of sending a passphrase by email that can be posted in the lobby sounds good to me.

I agree with bb that we could have a ticket for adding a few features to the lobby bot, mainly erasing a user from the database, and extracting their data from it. The former would need admin rights, and the latter would need admin rights or being said user.

I think Stan is right, but it's not a big deal: just write a short remainder that emails sent to the user-data address will be kept for N years in order to be able to prove we complied with the request.

I think this is a bit too narrow: we need to exclude a modified version that leaks data on purpose. I would phrase this as:

"Official software" refers to the software "0 A.D. Empires Ascendant" published on the Wildfire Games website, or any modified version of this software that handles personal data correctly, i.e. as described by the accompanying Privacy Policy.

Is that what you wanted to mean by this definition?

"Only access the service through" maybe? Just nitpicking.

What about going even further: "Use the service at your own risk, without assuming it will behave as you would expect. We do not take responsibility for the content posted by users on the service, nor do we guarantee the service to be safe to use, working or fitting for a particular purpose".

Yes I think that's good. See my suggestion about making the SVN version the official one, let me know what you think and whether it's a bad idea.

I agree with elexis, the phrasing is fine. Maybe "not publish own or other's personal data"? (the capital p doesn't matter I think).

yep, lgtm

Everything after the first comma is useless and/or wrong here. Should be "publicly available" imo.

Indeed, unclear.

It's not, is it? The software in this case is the lobby backend, not so much the frontend.

I think we can't actually guarantee anything here given the open-ended nature of the lobby, so ideally we should require an email and verify accounts (sending the privacy policy along) - unverified accounts should be deleted ASAP.

Seems impossible to enforce to me and likely useless/negative.

Not sure what "for example" could mean otherwise than including but not limited to. (I tried not to repeat the phrases and keep it short)

All of the definitions were (1) repeated in all terms and (2) can be inlined to shorten and make it more forward.

UDP and TCP port numbers for XMPP and enet connections, but it seems irrelevant / implied

(In your pull request from September 25th https://github.com/elexis1/0ad/pull/1 you pointed out that it's not anonymous but pseudonymous)

As it turned out, there is COPPA, 0 A.D. is not directed to children below 13 and that we don't use Consent as a legal basis, because we can't obtain parental consent and don't want to process things that aren't already in our overriding legitimate interest (according to best knowledge and good faith).

The idea had been that to claim that all data is pseudoynmized, even if someone claims to be the emperor of china on the chat. Anyway, rewritten.

Yes, "anonymous" goes out of the window. Even pseudoynmous is not true for people whos nicks are known. For example 0AD Youtubers with their realname, or our commit credits or forum postings like the legal waiver thread.

handles personal data correctly

Correctly is what we define in the Terms to be correct handling, that is also compliant with GDPR and COPPA.
If we want people to stop violating the ToU, then they must learn our ToU, not a modified one.

There was also much empty space behind the clauses.

That was one of the universal grants that was probably entirely against the DPD, the predecessor of GDPR.

Well, it's about protection from damage that we could be held legally accountable unless we exclude the liability (somehow). "Fitting for a particular purpose" at least is nothing that I expect someone to claim, in particular legally.

Downloading newer terms and storing the version online is a good idea but kind of hypothetical.

The phrasing was wrong since every chat message is personal data, because it "relates to an identifiable natural person".
Personally identifiable information was meant.
It's indeed hard to impossible to enforce, but we can still inform people what they shouldn't do and what we may ban people for.
The benefit of the clause is having to not delete things that aren't posted and to minimize the impact of chatlogs.

No JID vs nick mentioned? I guess its necessary since its possible to /nick.

IMO, this is too specific. What about cases where a user is suspected but no account has been banned?
Would suggest “persons suspected of violating the ToS” or is that a violation of GDPR? (To act on suspicion)

Typo, neeeded
Also “minimization” for consistency. But I guess that cant be done.

11

Depcition

IMO, reads better with “authorized by Wildfire Games”.

I believe that's the correct formula, at least that's the one I've seen all over documents when quoting stuff that might happen. I guess the idea is to be idiot proof

(GDPR 13.1.c) maybe ?

@smiley I'd say that, since playername is defined here as "[the] name that the player chooses at the time of registration", it is the JID. Adding technical details would be confusing, and would make the terms dependent on the implementation.

@smiley You make a good point but this phrasing makes the purpose of the processing clear. Inferring the ISP or the country of origin will usually be done for this specific case. Maybe we could write Enforce the Terms of Use, for instance where persons [...], in order to reduce the restrictiveness, but I don't have a strong opinion.

"related" to the game, no?

for consent to process data

I have difficulties to understand the phrasing here (contrary to the rest of the document which is very clear). Is there a comma missing between legitimate interests and "balancing test" assessments? I'm not sure what "balancing test" refers to, actually ?

That's a heading, so it looked too ugly to keep the reference

See recent Terms of Use change:

2. Not impersonate other users of the service and only use your registered username in multiplayer matches.

Just because people decided at the time to implement XMPP and XMPP doesn't have good moderation tools doesn't mean that XMPP servers or rooms can't have custom room policies restricting XMPP features that are implemented on the front and backend. Usually ToS are enforced by refusing the service, so things ought to be configured or implemented in ejabberd. There may be other chatrooms that you can use with the 0 A.D. XMPP client that allow nickchanges.

Why would "x (for example y)" not be 'idiotproof'? (Coudln't find anything online)

My sentence missed the case where people create the Nth account without any of the existing ones having been banned prior. That's a common case as well.
"persons suspected of violating the ToS" is false, because the IP logs exists only for a specific reason, people creating unpermitted accounts, since all(?) the other ToS aspects are solved without the IP logs.

Actually stolen passwords may also be detected this way and the perpetrator may be identified. But they are probably covered by cyber-attacks and that has only occured in one or two cases so far, while creating a new accoutn after being banned is something very frequent and something that leaves us without the ability to enforce the ToU if we don't do it this way or a more difficult way (like not allowing chat until 20 hours of being online in the lobby, not allowing rated matches until 20 hours of played matches or something. Email registrations. Also it would log more but different data, so it's questionable whether it's better.).

If we have new use cases, we can add them later in a new revision (as long as the data up to this point is not processed for purposes incompatible).

Since there are no definitions for balances and the balancing tests / legitimate interest assessments aren't giving a clear answer to retention times either, my stomach says two years max. On the forums they are stored forever it seems. Other moderators proposed longer retention times. There should be a filled out LIA test to justify that and then it may still be extended if it's deemed necessary and so forth.

Notice that there is no retention time specified for chat messages, so the mentioned criteria have to be used to determine that time.

Why not use present tense consistently?

ack

This document is in en-US and it quotes from en-UK. Going for US though.

Ah, GDPR 11 part of the UserReporters Terms_And_Conditions, copied, pasted, deleted instead of adapted.

legitimate interests "balancing test" assessments was picked from
https://static1.squarespace.com/static/57ff6b30bebafba9d10c7dcd/t/5a5f3336ec212d22697ba776/1516188471440/CII+Guidance+Notes+Legitimate+Interest+%27Balancing+Test%27+Assessment+Template+%281%29.pdf

Balancing test assessments are not called like this in GDPR itself, are they? I believe the missing piece is not a comma, but a "through" then.

The word balancing test is not defined in GDPR but is derived from the legitimate interest base article 6.1.f, Recital 47 and the Data Protection Directive standards. and GDPR 5 (accountability) stating that we get the burden of proof to demonstrate compliance with 6.1.f..
LIAs are different from DPIAs. So reducing to legitimate interest assessment and s/or/and.
The term LIA is very common, used by the ICO too, so people who will try to perform what is posted here, will figure it out if they try.