Hi!
I recently discovered the new GDPR law that comes into effect in May. I'm finding it hard to wrap my head around it, but I have tried to read up about it as much as possible. I am wondering how this will affect us sellers here on itch.io as we have lists of our buyers email addresses which would count as personal identifiable information. Will we have to do anything specific to comply, or will this be entirely handled by itch.io staff?
Hey, it will affect sellers on itch.io. We're going to be reducing the amount of information you have about your buyers, including their email address. If you need to contact people directly you'll have to go through our email tool or support system. This so that if we get an account deletion we can clean up the appropriate information without having it be leaked to sellers.
I have also been trying to wrap my head around it. One of the issues seems to be how web portals that offer some content for kids (even if it isn't a "kids content" site) need to age-gate the site (https://www.superawesome.tv/publisher-gdpr-k-readiness-toolkit). Is this something Itch will be doing site-wide or should we be adding our own age-gate to our web games hosted on itch?
itch.io terms forbid anyone under 13 from using the site (because of COPA US law), but it looks like these things can apply to up to 16 years of age. Thanks for notifying me, I'll take a closer look at this stuff. Having a regular age gate on top of adult content is definitely something we need to add though, regardless of these changes.
That being said, if your game has any sort of information collection at all, then you must provide a consent form. As it stands now, itch.io will not ask for consent on behalf of individual creators. (Thought we may set up something to stream line this in the future).
Generally, this means that if you have any kind of sign in or analytics collection that includes personally identifiable information in your game (like username, email, ip address), then you must show your own dialog within the game.
