Hey gog, I just claimed the free game on the gog.com homepage (thanks), but did not notice that the terms of this giveaway were 'subtly' but importantly different than the terms for previous giveaways, namely agreeing "to receive marketing through ... GOG's Trusted Partners' services". According to the subscriptions page and the linked to support page, that means "Google Ads Customer Match" and "Meta Custom Audiences" (i.e. facebook), and that both would receive a hash of my email address.

I am very much not okay with these particular two parties receiving my email address, even if it's hashed, so I immediately withdrew my consent. Now my question is: Did you immediately transfer my personal data to them when I clicked on the green button on the homepage? Or does this only happen once an hour / a day / ...?
If it's immediately, did removing my consent then cause a second signal to go to them to remove my hashed email address?

Also, does this transfer happen on the back-end (that is, through your servers), or on the front-end (that is, through my browser)? In the latter case, my IP-address would also be transferred - but I'd actually prefer this, as then my privacy-extensions will have stopped the data transfer...

N.B. The privacy policy which you link to from the homepage banner does not include the detailed information about this program which shows on the aforementioned support page. You might want to update section 10.3 of your privacy policy with that information and/or a link to that support page.


(And yes, yes, file a support request - but the answers to these questions should be of general interest...)

:-(

Are GOG's finances so bad they must do some side business too. (No question mark as I do not expect an answer.)

Is the next step to offer some crypto mining scheme á la Norton? Or was that Symantec, same company anyway.

Thanks for the heads up: immediately unchecked the box on the new entry.

It's already unchecked for me, but that would probably explain why Ublock O went from 0 elements blocked on GOG to 2.

Oh well, time to keep honoring my self-enforced promise to not click on anything on the front page. Bet that makes a frustrating engagement metric.

https://www.gog.com/forum/general/ads_when_redeeming_gaming_amazon_code/post21

I am not even sure if such moves are perfectly legal. There's the special section in the privacy setting that explicitely is telling GOG that we don't want to give our data to their trusted partners yet the giveaway seems to ignore this setting since it says that you HAVE to give them permission before you can get the freebie. Does sound pretty fishy to me and at the very least not exactly compliant to GDPR standards. Not interested in this freebie bit I will watch the next freebies very carefully. Thanks to the OP for making me aware.

Thank you very much for making noise. I didn't realise this thread existed and posted my own, thinking that this is enabled for all accounts, when it actually isn't.

Welp. I will be adding GOG giveaways to my RSS blacklist. I trust this company less and less each year.

CDPR, if your reputation is built around being the "good guys" of the industry, why do you keep embarrassing us with these additions? Do you not expect Phantom Liberty to sell well? Why are you making your platform even worse?

Everyone making money on the internet is either friends or enemies. So your data is never in one place, but is rather "whispered" in closed circles of "trusted partners". Like the meme says, you'd better believe in cyberpunk dystopias, because you're in one.

And it's not (just) your email address, that's perhaps the least relevant thing they'd want to be aware of... but I'd rather not keep you up at night. It's not a question of them being bad, it's a question of "our duty is to our shareholders, and we have to find ways of maximizing our profits". That's how the corporate world works. Ask any Teladi :P.

So this is from a US perspective, I don't know if the same applies to Poland or not; but it's actually a myth that corporations are required to maximize profits for shareholders. Rather, the duty is to do what is best for the company. https://legislate.ai/blog/does-the-law-require-public-companies-to-maximise-shareholder-value

Generally companies seek to maximize profits because it benefits them directly, though I'm sure keeping shareholders happy also factors into the decision.

Edit: Forgot to add the source for the quote.

Thanks for the info.
Not sure exactly when I opted in to that......but now it's opted out.

Honestly I am more surprised they didn't already Google for their newsletter + adds before, I thought that was the reason for the "trusted partner" section in the privacy policy.

Apart from that, it's optional, it's opt-in (even if it does requires you to read before clicking) and it can be disabled, so I don't really see a big issue with it.

dirty - yes
low brow - probably
illegal? - doubt it


I think steam has the same thing but you cant opt out of that.

Unfortunately, it is perfectly legal, even under the German interpretations of GDPR (which are easily the most stringent interpretations of GDPR globally - which as an aside makes a bit of a mockery of them being supposedly Global Rules, but hey).

The "freebie" is actually a sale where the consideration is you giving consent to receive marketing communication and providing your data to the trusted partners. It's explicit consent (you see the wording before you click the big green button) and the wording makes it clear that the consent is primary and the reward is secondary. There is some case law on this, but if you want to raise a GDPR challenge in the relevant courts I would be interested to see whether you won (however, given how clear the legal precedents are, I suspect you would just lose a load of money in legal fees)

No. In fact, all third party tracking on Steam websites is opt-in, meaning that no tracking scripts are active unless you accept the cookie dialogue, and recently they got rid of Google Analytics.

store.steampowered.com/news/group/4145017/view/3719453992486109638

That isn't to say they don't do their own forms of tracking, however I believe it isn't excessive, and they don't appear to sell any of that data either.

The big issue with GOG's approach is that it is sneaky, and it is mandatory to enable this level of tracking in order to use certain features, such as game giveaways. There is no case I am aware of that Steam imposes restrictions if the user doesn't agree to sharing some kind of data.

ah ok, well lets riot till gog removes it, they did it over the hitman debacle. we can do it again.