KSC We have a problem!!

[ecat]

I love the ideas behind the new DLC, enhancements to robotics and exploration, OMG, a dream come true! And then I go to download the dlc via my KSP account,  original KSP purchase Order Date: 2013-05-25. I have no problem being 1 month out of the free update date, take my money. BUT, as I'm paying directly via pay pal  I do have major problems supplying:

First name: required field.

Last name: required field.

Address Line 1: required field.

City: required field.

State: required field.

ZIP: required field.

Country: required field.

Phone Number: required field.

I'm sure we can come to some mutually acceptable accommodation before I need to invoke a GDPR request as to why you need such a comprehensive summary of my personal information before allowing me to GIVE YOU $15

 

[Xavven]

I see where you're coming from. I've had businesses ask me for my date of birth and social security number, and my first thought is "no freaking way you get to have that info!"

Whenever Steam asks me for my birth date (because the content is not appropriate for children), I'm always gonna be a 119 year old man born on January 1st, 1900.

Address is less of a problem for me if I'm buying someone on a credit card. I'm pretty much used to entering that info on Amazon or Newegg since they have to ship you stuff. KSP is an electronic download, so they don't really need it, but then again maybe they do in order to process your credit card.

Honestly enough vendors have my home address that it's not a big secret at this point.

[Gargamel]

Moved to the Network, as it's abou the website and not the game. 

[Vanamonde]

Who is asking for this? Paypal? KSP store? 

[kcs123]

1 hour ago, Vanamonde said:

Who is asking for this? Paypal? KSP store? 

KSP store. And I bought it by Paypal and final price for my Country was 18$ instead of 15$. And they already have all necesasry data in store account database.

Edited June 1, 2019 by kcs123

[ecat]

Yes, the KSP store.

I use Paypal to avoid this sort off nonsense,  and I've been in the IT field long enough to know that no info you put on the internet is ever truly secure.

As a long time player I'd love to believe this is simply  an over site and the information gathered is not being sold off to subsidize web site or development costs. My outrage has subsided since the OP, but when dealing with Europe there is a legal requirement to collect the minimum amount of personal information required to provide a service or product and I suspect the purchase form violates this requirement.

Now, I could buy the game a 2nd time from Steam or GoG and avoid the official web site from this point on but I feel an official statement or a change to the purchase page is a reasonable request.

 

Edited June 2, 2019 by ecat

[Red Iron Crown]

Steam and (I think) GoG collect that same information. Name, address and phone number are well established as acceptable required information to complete an online transaction, a GDPR complaint would likely be dismissed out of hand. 

Companies are reluctant to do online business with anonymous entities, in some jurisdictions its explicitly forbidden for money laundering prevention. 

[ecat]

I have no argument with the community, Red Iron Crown and Vanamonde especially are names I have known and respected for the longest time. However:

 

On 6/3/2019 at 3:59 PM, Red Iron Crown said:

Name, address and phone number are well established as acceptable required information to complete an online transaction

What was acceptable before 25 May 2018 is no indication of what is currently acceptable. And while, perhaps valid with respect to a credit card transaction...

 

On 6/3/2019 at 3:59 PM, Red Iron Crown said:

Companies are reluctant to do online business with anonymous entities, in some jurisdictions its explicitly forbidden for money laundering prevention. 

In this instance the "anonymous entity" is PayPal, as such any question of nefarious intent or dealing falls entirely within their jurisdiction. My argument is simple, a transaction made via PayPal against a six year old account should require little, if any,  of the "required information" currently requested.

I'll reserve discussion of the GDPR "spirit" and "principles" of data protection for a later, by which I mean hopefully never, date.

[Red Iron Crown]

PayPal is the payment method, not the entity with whom the transaction is being made. You could as easily argue that Visa or Mastercard are the "anonymous entity" for that type of purchase. 

What you think should or shouldn't be required doesn't matter, the governing rules of the jurisdiction do. I work in finance and I can tell you that anti-money laundering regulations are incredibly strict, and online transactions with anonymous entities are a huge no-no because they're so untraceable. 

That's not to say such laws are compatible with GDPR, I've come across some instances where a company faces contradictory laws where there's no path that doesn't result in noncompliance. In such cases they usually choose to honor the laws that are more likely to be investigated/prosecuted.

Please note here that I'm not speaking in any official capacity for Squad or anyone else, just sharing my experience and opinion. 

[Vanamonde]

At any rate, this has been brought to the attention of the appropriate parties.