noyb has filed a complaint against Ubisoft, the French video game company known for titles like Assassin’s Creed and Far Cry.
The complaint highlights that Ubisoft requires users to connect to the internet every time they launch a single-player game, even when no online features are involved. This practice allows Ubisoft to track players’ gaming behavior, such as playtime and session start and end times. Despite being questioned by a user, the company did not explain why this constant online connection is necessary.
Ubisoft’s practices around data collection paint a troubling picture of how modern gaming companies increasingly value surveillance over player autonomy. Despite offering predominantly single-player experiences like Assassin’s Creed or Far Cry, Ubisoft mandates an internet connection just to launch these titles, even when no online functionality is involved.
This forced connectivity isn’t for the benefit of the player — it’s a convenient excuse to silently harvest behavioral data. Every time a user launches, plays, or closes a game, that information is quietly sent back to Ubisoft. And it doesn’t stop there: during just ten minutes of gameplay, a user discovered that the game contacted external servers 150 times, leaking data to companies like Google, Amazon, and Datadog.
What makes this worse is Ubisoft’s evasiveness when questioned about the practice. They hide behind vague justifications in their privacy policy and EULA, claiming it’s all to “enhance the game experience.” But the truth is, they never obtained meaningful consent from users. Even though ownership can be easily verified through platforms like Steam, Ubisoft insists on making users log in through their own system, granting them access to a trove of personal data without legal basis. Their system is engineered to default to surveillance, not privacy.
This isn’t a case of poor design — it’s a deliberate strategy to mine user behavior for profit, with total disregard for GDPR compliance. Ubisoft’s opaque handling of data access requests, combined with its dismissive attitude toward player concerns, underlines a business model that treats user data as a commodity.
There’s a stark difference between improving a game and exploiting a player’s trust. Ubisoft is clearly doing the latter. And now that a formal complaint has been lodged in Austria, it’s time they were held accountable — not just with fines, but with structural changes that respect players’ rights and privacy.
Baburajan Kizhakedath
