Weaponizing The GDPR: Gamers Want To Use It To Flood Blizzard With Requests As Protest Over China Appeasement

from the what-exciting-times dept

We live in such fascinating times. We've had some posts concerning people getting (rightly) angry about Blizzard banning a top player who supported the protests in Hong Kong. In order to make the company feel more heat, apparently some pissed off players have been plotting to weaponize the GDPR and flood the company with data requests. This started with a Reddit post directly telling users that if they're upset about Blizzard's decisions regarding Hong Kong, to hit back with a GDPR request:

I know a lot of people, myself included, are upset by Blizzard/Activisions spineless decision to ban Blitxchung. After personally uninstalling all of my Blizzard games, I thought, "what else can I do?". The answer, is GDPR requests. Let me explain.

Under EU law, you're allowed to request all information a company has on you, along with the purpose of this information collection. What most people don't know, is that these requests are VERY hard to comply with, and can often take a companies legal group 2-7 days to complete PER REQUEST. If a company doesn't get you the information back in 30 days, they face fines and additional issues. In extreme cases, a company can request an additional 2 months to complete the requests if there is a large volume, but suffice to say, if a company gets a significant amount of requests, it can be incredibly expensive to deal with, as inevitably they will have to hire outside firms/lawyers to help out. So, if you want to submit a GDPR request, and live in the EU, you can use the following form letter....

I've actually been in the middle of investigating a different story about a possible weaponizing of the GDPR, but the details there have been a bit murkier, so it's fascinating to see things laid out so clearly here. To be clear, there does appear to be some cleverness here, though, it's true that such requests are a pain in the ass to comply with and can be costly and resource intensive. And while it may be fun and cathartic to use that power against a company like Blizzard as a way to punish it for its ridiculous stance, be clear that these kinds of weaponized GDPR requests are likely to be used against many others as well, including companies you might actually like.

This is yet one more reason why, even if you support the overall goals of the GDPR, you should be very, very concerned with how the law is actually implemented.

Filed Under: appeasement, china, costs, data requests, gdpr, protest, weaponizing
Companies: blizzard

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Paul B, 18 Oct 2019 @ 11:06am

    Re: Re:

    I work in this area, for some firms, a GDPR request is fairly easy to respond to as they only store customer contact information for shipping and purchase history. Think a small business selling products.

    At the other end of the business spectrim is a conglomerate like Bank of New York Mellon. 21 distinct business entities covering everything from bank accounts to investments to call centers. A single request could impact over 100 people, has subjective rules, and even legal limits to what data can be provided. The CEO may not care, but the C-Suite cares a heck of a lot when call center employees are going into overtime, work loads spike, and new software is needed to manage the request since you have so many moving parts no human could walk this through a firm of this size easily.

    Never mind internal politics and firewalls that prevent communication also need to be breached or the entire firm is on the hook for huge fines.

    I do suspect a judge would be not as crazy as to tell a firm getting hit by 100k requests in a single week that up to then was getting perhaps 10 to 20 requests that they should be fined for not clearing the backlog fast enough when the entire business is shut down more or less just to respond to requests.

    Yes the GDPR is that bad for large firms.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.