Electronic Arts Responds
Following email inquiries and perhaps as a result of my article last week Invasion of Privacy Policy?, Electronic Arts' Privacy Policy Administration has responded to my questions regarding their access to sensitive customer information originally submitted to Xbox Live. I will post the entirety of the response below; it is fairly substantive and offers a far clearer description as to what information EA is gaining access to when you create an EA account through an Xbox Live game. They do retrieve information from Microsoft such as email, name, and general age, but they are not retrieving your credit card information, or phone number. This addresses the most serious of my concerns, and it is nice to have a clearer statement from Electronic Arts as to what customer information they have access to, and how they are protecting that information.
Additionally, Electronic Arts intends to take steps to "clarify these points in a future update" of their Privacy Policy. I appreciate the detailed response, and am happy to pass it along.
I have pasted the full text of the response below without further editorial.
Dear Mr. Sands,We have received your email of August 9th. Our apologies on a delayed correspondence prior to your posting on the internet, but we wanted to have complete and accurate answers to all of your questions before responding. Here are clarifications to your inquiries and we hope that you will pass this along to your readers.
EA does not receive credit card information from Microsoft when an EA Account is created or products are purchased through the Xbox Live Arcade. In order to establish an Xbox account, Microsoft does provide EA email, postal address, age and gender. (We don't actually receive your true date of birth from Microsoft – only your age which our system approximates to a date.) We do not, however, receive phone number, mobile number or credit card information, etc. from Microsoft.
EA maintains all customer information using appropriate safeguards to ensure the security, integrity, accuracy and privacy of the information provided. Personal information is never provided to any third-party without the accountholder's consent. Should we receive consent, the information provided may be shared with one of our promotional partners but we do not maintain a list simply for the purpose of sale to any party who requests it. We are very selective and sharing information to key licensors and service providers. Customer's can always opt-out of sharing their personal information with third parties and may modify this information at any time either by accessing their "My Account" page or by sending an email to privacy_policy.ea.com.
We believe this confusion was caused by an unintentional association of our discussion terms specific to Xbox in close proximity to those that apply more generally. The section you identified in your message, http://www.ea.com/global/legal/privacy.jsp#infoCollected, is titled "What is personal information and when does EA collect it?" and was written to address all forms of information EA collects in all possible circumstances. Not all forms of information collection are combined and most operate through completely unrelated and non-interacting operating systems. As an editor, I'm sure that you can understand how this confusion could occur. Please be assured that we will take steps to clarify these points with a future update and thank you for bringing this to our attention.
Sincerely,
PRIVACY POLICY ADMINISTRATION
- Elysium
Print
Delicious
Digg
I don't understand why they need our address If it's for technical reasons - say putting us on the right server - wouldn't just a country/state be appropriate?
Not trying to start a flamewar, just to understand.
Rhymes with 'yidcaff'. I don't use smilies. Imagine a wink and a wry grin at the end of most of my sentences. I don't like using exclamation marks either. I'm more friendly than you imagine.
I too sent an email on the 17th and received the same exact response. I don't know what you wrote to them but I took this from DQ.
I hope they are telling the truth.
XBox Live|Tshirts|My Music|GameFly|xfire
Let's cut through the fancy talk, shall we?
Bravo.
Consent which you must provide to play their games online. I see nothing intrinsic about "playing online" requiring "consent to receive marketing junkmail." However, this will never change without legislation.
EA doesn't sell to porn sites. Of course, there is nothing preventing EA's "promotional partners" from doing that once they get the information. Once it's out there, there is no control over where it ends up.
We shall grapple with the ineffable, and see if we may not eff it after all.
It's nice to see that they responded, cordially, and with good news. It is unfortunate that it took a public posting of the matter on a respectable website to earn that response.
Excuse me, I forgot. It's not innovation unless it involves another texture pass. - Tycho from Penny Arcade
Game journal - Infinite Ego
My Rock Band profile
Took them long enough to respond.
I will wait until their new and improved policy comes out before making any final decisions on EA.
I also wonder why the heck they need someone's postal address? Seems a bit much.
"Can I have a job? I donut have much experiences, butt I always use an spellchecker spellchecker on my articles." - Sway
Using Prayer To Microevolve Latent Antibiotic Resistance In Bacteria since 2005!
Spoiler Fanatic!
My thoughts exactly - if they are going to share the information I'd like to see the privacy policy of the institutions they're sharing with first. They may be legit, but are they going to share it with their 3rd party partners (4th party organizations?!) etc. ad.inf.
Given a long enough chain of this kind you just know there's gonna be a screw-up along it at some point.
Love thyself (just not in public)
Love thy neighbour (remember to ask first)
Certis wrote:
Either way I'm not going to stop playing Burnout. I just ask that they include my Takedown! record along with my credit card info.
Mr. Richthofen card number xxxx-xxxx-xxxx-1234, expires 02/08, 7428 takedowns. I want them to be impressed if they rip me off.
Letters to the Internet
I for one am somewhat mollified.
Still unhappy at the loopholes their leaving open for sharing our information, but it is nice to know they aren't collecting CC# information.
Prepare to be slashdotted in 5... 4... 3... 2...
Being fangoriously devoured by a gelatinous monster.
The postal address is so they can sell the info to "partner companies"...read; marketers. We can't end dead tree junk mail because of nonsense like this. EA makes a fair amount of profit by selling user data.
*Legion* wrote:
The most recent PC gamer Podcast mentioned the orginal article by Elysium that got this response from EA.
"Can I have a job? I donut have much experiences, butt I always use an spellchecker spellchecker on my articles." - Sway
Using Prayer To Microevolve Latent Antibiotic Resistance In Bacteria since 2005!
Spoiler Fanatic!
Hey Ely, GWJ made the Dallas Morning News, when the quoted EA's response to you. I'll scan the newslet in and mail you the original.
*Legion* wrote:
Shhh don't tell him or the escapist will try to get him to sell out too and we'll lose all our reporting on gwj!
Unfortunately, if I slash my wrist with my lightsaber it cauterizes instantly. - PurEvil on emo Star Wars plots.
http://www.dallasnews.com/sharedcontent/dws/ent/overthetop/stories/DN-OT...
Xfire/XBL
gr.umpic.us
grumpicus.com
I am pleased that after a year of plenty of sites asking for clarification on this point we were able to get the issue a response and some exposure.
Thanks very much, I'd like that.
"I think Elysium has the right of it" - Certis
That is... very surprising. This is probably the best we could hope for. I doubt a boycott would do anything to a company like EA which looks at us as a drop in the bucket at that. I kinda laughed when Madden came out and we ran to buy it (I would have done the same thing if I were a huge football fan, no negativity from me!) A flame war would probably fail considering the level-headed group we have here. Publicity is probably the best thing we could hope for and it suggests that GWJ's influence is growing. Bravo.
We shall grapple with the ineffable, and see if we may not eff it after all.
I think the great thing is, from what I saw, we(ok, Elysium) got a response where other sites didn't. As far as I know, we were first. I think that is a more telling testament to GWJ's growth and journalistic integrity than # of members any day.
Nice work, Ely.
"And my son, too, thinks everything is a launchpad, every bug a meal, and every sunny day a reason to take all your clothes off and roll around in the grass." - rabbit
Here ya go darlin. For the mailing...I have the return address from when the lovely Mrs. Ely did my logo design...is that the new house? If not, please pm or email me your current mailing address and I'll pop the newspaper in the mail to you.
*Legion* wrote:
I've found out that EA are publishing Team Fortress 2 for the 360.
Anyone else got any concerns about buying an EA product? I'm tempted to write to them and ask them not to use my details for marketing purposes (which I believe I'm entitled to do under UK law).
Or I could just buy the Steam version, except I know so few people in the UK that play it.
Rhymes with 'yidcaff'. I don't use smilies. Imagine a wink and a wry grin at the end of most of my sentences. I don't like using exclamation marks either. I'm more friendly than you imagine.
I'd be surprised if the game ran on EA servers. Far as I know, they're just handling distribution.
Certis beat me to it. - Elysium
I hadn't thought of that. I'll poke around.
This is from EA's latest privacy statement:
Xbox
If you sign up to play EA games through Microsoft's Xbox LIVE Service, Microsoft will provide your Xbox LIVE user account information to EA so that we can establish an EA Online account for you. You need an EA Online account to play EA's Xbox LIVE titles. By signing up to play EA's Xbox LIVE titles, you agree that Microsoft can transfer your user account information to EA. Information transferred from Microsoft to EA includes your name, address, e-mail address and date of birth but does not include credit card number or other financial account information.
Rhymes with 'yidcaff'. I don't use smilies. Imagine a wink and a wry grin at the end of most of my sentences. I don't like using exclamation marks either. I'm more friendly than you imagine.
That sucks... how can they just give out your address and date of birth?
Of - power - insessantly
Plagued - by - malefisense
Doomed - to - insidious -
Death - is - he - who - breaks
this - monument - i - prophesy
Because they're tricksy, that's why.
I'm making a stand. I've sent them a letter telling them to stop processing my information for direct marketing purposes. It was a template from the Information Comissioner's Office. I believe they have to comply.
And if they don't comply?
Well, I'll probably capitulate. But I'll be living life on one knee, rather than two.
Rhymes with 'yidcaff'. I don't use smilies. Imagine a wink and a wry grin at the end of most of my sentences. I don't like using exclamation marks either. I'm more friendly than you imagine.
The question is that if they don't respond (which might be quite likely) how will you ever know?
Of - power - insessantly
Plagued - by - malefisense
Doomed - to - insidious -
Death - is - he - who - breaks
this - monument - i - prophesy
They have to sign for the letter. Once I know they've recieved it, I'll give them 28 days or so to respond.
'I'll give them'. As if I could actually do anything to EA.
Rhymes with 'yidcaff'. I don't use smilies. Imagine a wink and a wry grin at the end of most of my sentences. I don't like using exclamation marks either. I'm more friendly than you imagine.
Well if you decide to try and do anything to them, i got your back
Of - power - insessantly
Plagued - by - malefisense
Doomed - to - insidious -
Death - is - he - who - breaks
this - monument - i - prophesy
I know what happens 28 days later!
rabbit wrote:
1Dgaf wrote:
XBL: E Munnie
How they can do that is the other half of the first article I wrote on the topic. My criticism began with EA and their questionable privacy policy - which, I have to admit, was changed as they promised - but the other half of the problem is with Microsoft who says in their privacy policy that they reserve the right to do exactly this kind of stuff. From them I heard nothing. The quote I referenced in the first article was: Some Microsoft services may be co-branded and offered in conjunction with another company. If you register for or use such services, both Microsoft and the other company may receive information collected in conjunction with the co-branded services.
That article is here: http://www.gamerswithjobs.com/node/26475
"I think Elysium has the right of it" - Certis
Yeah, i understand that they reserve the right.... but isn't that illegal? I mean, there's a big difference between reserving the right to refuse admission or services but to share your IP, your information without consultation or solicitation or reimbursement?
I'm not sure the courts would find in favour of the corporation. Moving into increasingly involved systems of identifying who we are means that our personal identity is worth much more - to have companies being allowed to do that with our information in what amounts to dredging for marketing information on their terms and at their discretion just doesn't cut it anymore.
[edit]
I could possibly understand if this service was free.... but it's not. We're paying for it. We pay for Live! We pay for the game. Why should we subsidise them even more by allowing them our statistical information that benefits them, not us, and exposes us to identity fraud and other problems such as spam and profiling.
If it was just email and name then it would be fine but all of your personal details can be derived from the above information. SSN (NI), mother's maiden name - family details, phone numbers and from there bank details and other such things. They are all freely available to corporations that have the money to buy or 'agreements' to share them. We need to start making a stand since they don't and certainly can't guarantee the safety of our information and we've only just recently seen that corporations don't care if they get hacked and consumers details are leaked or stolen. They don't care - therefore they don't protect us.... therefore they have no right to that information.
Of - power - insessantly
Plagued - by - malefisense
Doomed - to - insidious -
Death - is - he - who - breaks
this - monument - i - prophesy