The General Data Protection Regulation (GDPR) is a European Union law regulating the data privacy of EU citizens. (https://www.eugdpr.org).
For general information about Unity and GDPR, see https://unity3d.com/legal/gdpr.
For Unity’s own privacy policy, see https://unity3d.com/legal/privacy-policy.
Maintaining compliance with GDPR when you use Unity Analytics is a shared responsibility. Unity collects data to help you improve the player experience with ads and game play. Some of that data includes personally identifiable information (PII) regulated under GDPR. Unity provides tools a player can use to opt-out of the PII collection and to manage the personal data collected by Unity as required by the GDPR. Your responsibilities include showing an opt-out button and providing a link to Unity’s privacy policy from your own privacy policy.
If you use Unity Ads, Unity displays a notice to the player the first time an ad is shown on their phone, giving them the option to opt in or out of personally identifiable information collection. Subsequent ads also display a button that users can use to manage their data privacy options. For more information about GDPR and the Unity Ads SDK, see Unity Ads Knowledge base: GDPR Compliance.
If you use both Unity Ads and Analytics, the opt-out mechanism provided by Unity Ads applies to both services.
If you do not use Unity Ads, but do use other Unity services, such as Unity Analytics, IAP, Multiplayer, or Performance Reporting, then you must use the Unity Analytics Data Privacy plugin to provide an opt-out choice to your players. The plugin provides a button you can add to your game that opens a Unity web page where players can manage their privacy settings. Players manage their preferences on a per game, per device basis. Unity Analytics does not track whether the same player plays more than one game made with Unity or plays the same game on multiple devices.
The above options cover any data collected by Unity for customizing Ads and player services. However, if you collect personally identifiable information data on your own, you are responsible for protecting and managing that data.
Best Practices:
Solicit your own legal advice. Nothing in this document should be construed as legal advice.
Read and understand the Data Processing Addendum (DPA) (https://unity3d.com/profiles/unity3d/themes/unity/images/pages/gdpr/Controller-Controller-DPA–5–2–2018.pdf)
List Unity as a third-party which collects data in your privacy policy and include a link to Unity’s privacy policy (https://unity3d.com/legal/privacy-policy) in your privacy policy.
Do not send personally identifiable information to Unity Analytics in Standard or Custom Events.
Do not use the Analytics.SetUserGender()
or Analytics.SetUserBirthYear()
to send gender and age information to Unity Analytics. These APIs are deprecated.
You can obtain the Unity Analytics Data Privacy plugin from the Unity Asset Store. The plugin is available for Unity versions:
The plugin does not support the following platforms: Linux, Windows Phone, Universal Windows Platform (UWP) prior to Unity 5.5, Tizen, Apple TV, Blackberry. The Unity Analytics service now deletes personally identifiable information sent from games running on those platforms automatically. Contact DPO@unity3d.com if you have questions.
Note: that if your game displays ads from the Unity Ad network, the Unity Ads SDK already handles showing a data collection opt-out choice to the player and configures Unity Analytics based on the player’s data privacy choice. You only need to use the Unity Analytics Data Privacy plugin when you do not use the Unity Ads service.
If you do not use Unity Ads, then you can integrate the Unity Analytics Data Privacy plugin, which gives your players control over Unity Analytics data collection.
To integrate the plugin:
Import the Unity Analytics Data Privacy asset package into your project.
Provide an opt-out choice to the player using a button or other UI control.
The Unity Analytics Data Privacy plugin contains code that automatically queries the Unity Analytics Service to determine the opt-out status of the current player. The plugin then configures Unity Analytics based on the player’s preferences. The plugin also includes a Unity UI button prefab. This button opens a player’s personal data privacy page where they can opt-out of Unity’s data collection and view the data that Unity has collected in the past.
Important: If a player has a browser pop-up blocker enabled, their browser can prevent the data privacy page from opening. Some browsers note that a page has been blocked, but others provide no notice at all. Consider adding a message in your user interface that warns players that a pop-up blocker can prevent the page from opening.
To import the plugin into your project:
Go to the Unity Analytics Data Privacy plugin page on the Unity Asset Store.
Click the Add to My Assets button on the page.
In your Unity project, open the Asset Store window (menu: Window > Asset Store).
Click the Downloads icon at the top of the window.
Select My Purchased.
Click the Download button for the Unity Analytics Data Opt-Out Plugin.
On the Import Unity Package window, click Import.
The plugin includes a Unity UI button prefab. When a player clicks this button, it opens the Player Data Privacy page in a web browser. You can also provide your own user interface and open the Data Privacy page manually.
Method 1: Using Unity UI
Import the Asset package into your project.
If you are building your project with Unity 5.1 or earlier, you must call DataPrivacy.Initialize()
. (Initialize()
is called automatically on newer versions of Unity.)
If you do not already have a Canvas object in the scene, add one. (An EventSystem is also required and should be added automatically when you add the Canvas.)
Drag the DataPrivacyButton prefab to the Canvas object in the scene. Find the prefab in the Project window, in the DataPrivacy/Runtime folder.
Adjust the position, graphics, and text of the button to suit.
The button is already hooked up to the Data Privacy API so that it opens the player’s personal data management page when clicked. The page opens in a web browser.
Method 2: Using you own UI
To use your own user interface for the button, you can request the URL of the user’s data opt-out page and then open that URL in a browser or webview:
Import the Asset package into your project.
Create your own UI control that informs the player of their ability to opt-out of data collection.
Note: The Data Privacy plug-in includes an icon in the DataPrivacy/Runtime folder. Unity encourages you to use this icon on your data privacy button (or similar control) to provide a consistent graphical cue to players encountering data privacy controls in Unity games.
If you are building your project with Unity 5.1 or earlier, you must call DataPrivacy.Initialize()
. (Initialize()
is called automatically on newer versions of Unity.)
In response to the player’s click or interaction with this control, call the DataPrivacy.FetchPrivacyUrl()
function. This function takes an Action<string>
object that is invoked when the network request completes. (You can optionally pass in a second Action<string>
function to handle the failure case.
In your handler for the FetchPrivacyUrl()
request, open the URL received in a browser. You can do this with Application.OpenURL()
.
For example, the following script opens the Player Data Privacy page in response to a click on a GameObject:
using System;
using UnityEngine;
using UnityEngine.Analytics;
public class OptOutHandler : MonoBehaviour {
static void OnFailure(string reason)
{
Debug.LogWarning(String.Format("Failed to get data privacy page URL: {0}", reason));
}
void OnURLReceived(string url)
{
Application.OpenURL(url);
}
public void OpenDataURL()
{
DataPrivacy.FetchPrivacyUrl(OnURLReceived, OnFailure);
}
void OnMouseOver(){
if(Input.GetMouseButtonDown(0)){
OpenDataURL();
}
}
}
Before Unity 5.2, Unity provided Analytics support through a Unity Asset Store asset package. You can use the Data Privacy plugin with these older versions of Unity Analytics, but you must initialize the privacy plugin before calling any of its other functions (and before your players have a chance to click the data privacy button). The best place to initialize the plugin is right after you call UnityAnalytics.StartSDK()
to initialize the Analytics plugin:
using UnityEngine;
using UnityEngine.Cloud.Analytics;
using UnityEngine.Analytics;
public class UnityAnalyticsIntegration : MonoBehaviour {
void Start () {
const string projectId = "SAMPLE-UNITY-PROJECT-ID";
UnityAnalytics.StartSDK (projectId);
DataPrivacy.Initialize ();
}
}
Note: DataPrivacy.Initialize()
is called automatically on Unity 5.2 or later. You do not need to call the function yourself unless you are using the Asset Store package for Analytics support.
The DataPrivacy class configures the Unity Analytics service based on the player’s data privacy management choices.
NAMESPACE: UnityEngine.Analytics
public class DataPrivacy
The DataPrivacy class automatically fetches the player’s data privacy status and configures the Analytics service accordingly.
Use the FetchPrivacyUrl()
function to fetch the the URL of the player’s personal data management page. Open the URL to give the player the option to manage their data privacy settings.
Prepares the Data Privacy API for use.
Declaration
public static void Initialize()
Remarks
This function creates a hidden GameObject and adds an instance of the DataPrivacy class to it as a component.
On Unity 5.1 or earlier, call Initialize()
early in your application startup, ideally, right after you call UnityAnalytics.StartSDK (projectId)
. Newer versions of Unity call Initialize()
automatically.
Fetches the player’s current opt-out status and configures the Unity Analytics service.
Declaration
public static void FetchOptOutStatus(Action<bool> optOutAction = null)
Parámetros
Action<bool> optOutAction
— The Action object to invoke when Unity has fetched the player’s opt-out status. The boolean parameter passed to your Action is true
if the player has opted out of personal data collection and false
, otherwise.Remarks
The function configures the Analytics service as appropriate for the player’s data collection choices. The status is cached for use when the player’s computer or device is offline.
FetchOptOutStatus()
is called automatically when your game launches. You should also call the function when the player returns to your game after you open their data privacy management URL to immediately apply any changes they made while on that page.
You can also use FetchOptOutStatus()
to get a player’s opt-out choice by passing an Action<bool>
function parameter. The plugin invokes the optOutAction
function you provide when the network fetch request is complete. The boolean argument passed to your action is true
when the player has opted out and false
, otherwise. If the network request for the player’s status fails, your optOutAction
function is called with the cached value (or false
, if the status has never been set).
void OnOptOutStatus(bool optOut)
{
if(optOut)
{
Debug.Log("Player has opted-out of personal data collection.");
}
}
// ...
DataPrivacy.FetchOptOutStatus(OnOptOutStatus);
Gets the URL of the player’s personal data management page.
Declaration
public static void FetchPrivacyUrl(Action<string> success, Action<string> failure = null)
Parámetros
Action<String> success
— The Action object to invoke when the URL is successfully retrieved. The string passed to the Action contains the URL.
[optional] Action<String> failure
— The Action object to invoke when Unity cannot retrieve the URL. The string passed to the Action contains the reason for the failure.
Remarks
Open the URL passed to your success function in a browser or webview to give the player the opportunity to manage their data protection options. You can use Application.OpenURL()
to open the page.
The URL is valid for a short period of time. Always fetch the URL immediately before opening it.
Call FetchOptOutStatus()
after the player returns to your game to apply any changes immediately. Otherwise, any changes to data collection are applied the next time the player launches your game.