Weaponizing The GDPR: Gamers Want To Use It To Flood Blizzard With Requests As Protest Over China Appeasement

from the what-exciting-times dept

We live in such fascinating times. We've had some posts concerning people getting (rightly) angry about Blizzard banning a top player who supported the protests in Hong Kong. In order to make the company feel more heat, apparently some pissed off players have been plotting to weaponize the GDPR and flood the company with data requests. This started with a Reddit post directly telling users that if they're upset about Blizzard's decisions regarding Hong Kong, to hit back with a GDPR request:

I know a lot of people, myself included, are upset by Blizzard/Activisions spineless decision to ban Blitxchung. After personally uninstalling all of my Blizzard games, I thought, "what else can I do?". The answer, is GDPR requests. Let me explain.

Under EU law, you're allowed to request all information a company has on you, along with the purpose of this information collection. What most people don't know, is that these requests are VERY hard to comply with, and can often take a companies legal group 2-7 days to complete PER REQUEST. If a company doesn't get you the information back in 30 days, they face fines and additional issues. In extreme cases, a company can request an additional 2 months to complete the requests if there is a large volume, but suffice to say, if a company gets a significant amount of requests, it can be incredibly expensive to deal with, as inevitably they will have to hire outside firms/lawyers to help out. So, if you want to submit a GDPR request, and live in the EU, you can use the following form letter....

I've actually been in the middle of investigating a different story about a possible weaponizing of the GDPR, but the details there have been a bit murkier, so it's fascinating to see things laid out so clearly here. To be clear, there does appear to be some cleverness here, though, it's true that such requests are a pain in the ass to comply with and can be costly and resource intensive. And while it may be fun and cathartic to use that power against a company like Blizzard as a way to punish it for its ridiculous stance, be clear that these kinds of weaponized GDPR requests are likely to be used against many others as well, including companies you might actually like.

This is yet one more reason why, even if you support the overall goals of the GDPR, you should be very, very concerned with how the law is actually implemented.

Filed Under: appeasement, china, costs, data requests, gdpr, protest, weaponizing
Companies: blizzard


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 18 Oct 2019 @ 3:11pm

    Re: Re:

    you can make multiple GDPR requests one after the other without penalty.

    This is because the day after you send a request, your data may change. so you request everything including today....etc...

    Could do it hourly and they STILL have to comply.


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.