Introduction: A Storm of Controversy for Ubisoft

Ubisoft, the French gaming giant behind the Assassin’s Creed franchise, is no stranger to controversy, but its latest scandal has rocked the gaming world. On April 24, 2025, privacy watchdog Noyb filed a complaint with Austria’s data protection authority, accusing Ubisoft of illegally harvesting player data without consent. The allegations center on single-player games like Assassin’s Creed Shadows and Far Cry Primal, which reportedly require an internet connection despite being offline experiences. Noyb claims this allows Ubisoft to track players’ every move—down to each sword swing or rooftop leap—potentially violating the EU’s General Data Protection Regulation (GDPR). The group is pushing for a staggering €92 million ($104 million) fine, a sum that could wipe out Ubisoft’s earnings from Assassin’s Creed Shadows, which launched to critical acclaim on March 20, 2025. With the gaming community up in arms and Ubisoft’s financial stability already on shaky ground, this controversy could have far-reaching implications. Let’s dive into the details of this data-harvesting scandal and explore its impact on Ubisoft and its players.

The Allegations: Secret Data Collection in Single-Player Games

At the heart of the complaint is Ubisoft’s practice of requiring players to connect to the internet to launch single-player games, even when no online features are involved. Noyb alleges that this setup enables Ubisoft to collect extensive data on players’ gaming habits without their explicit consent. In one instance, a user playing Far Cry Primal noticed the game establishing over 150 connections to external servers—including those of Amazon, Google, and Datadog—in just 10 minutes. These transmissions were encrypted, making it impossible for players to know exactly what data was being sent. Noyb argues that this “secret data collection” violates GDPR, which mandates that companies must have a valid legal basis for processing personal data and that such processing must be transparent and necessary.

Ubisoft has defended itself by claiming that an internet connection is only required when first launching its games to verify ownership, after which they can be played offline. The company also stated that data collected during online play is used to improve game performance. However, Noyb counters that Ubisoft provides a hidden option to play offline, proving that constant data collection isn’t strictly necessary. The privacy group contends that if Ubisoft wants to gather analytics, it should explicitly ask for user consent or allow players to opt into sending bug reports, rather than automatically transmitting data by default. This lack of transparency and consent is at the core of the GDPR violation allegations, painting a troubling picture of Ubisoft’s data practices.

The Financial Stakes: A Fine That Could Devastate Earnings

The potential €92 million ($104 million) fine proposed by Noyb is a significant threat to Ubisoft, especially given the company’s recent financial struggles. In 2024, Ubisoft lost over half its market value, a decline exacerbated by a massive data breach in 2023 that exposed 900GB of sensitive information. The launch of Assassin’s Creed Shadows was a bright spot, with the game achieving the series’ second-highest day-one revenue and the best-ever PlayStation Store day-one result for Ubisoft. It sold over 1 million copies in its first 24 hours and reached a concurrent player peak of 64,000 on Steam, contributing significantly to Ubisoft’s revenue stream. However, a fine of this magnitude could erase those earnings entirely, dealing a severe blow to the company’s already fragile financial position.

Ubisoft’s market challenges aren’t new. The company has faced criticism for recent releases like Star Wars Outlaws, which underperformed commercially, and its stock has been under pressure amid rumors of a potential buyout by Tencent and the Guillemot Brothers. The timing of this fine couldn’t be worse—Ubisoft is in the midst of a major restructuring to address its financial woes, and a €92 million penalty could further tank its stock price, making it more vulnerable to acquisition. For a company that reported a €2.3 billion turnover last year, a fine representing 4% of that figure is a substantial hit, especially when its flagship title’s success is on the line.

Community Backlash: Gamers Demand Accountability

The gaming community has reacted with outrage to the allegations, with many players feeling betrayed by Ubisoft’s practices. On platforms like Reddit, gamers have expressed frustration over being forced to connect online for single-player games, viewing it as a thinly veiled excuse to collect data. The sentiment on X mirrors this anger, with posts describing Ubisoft’s actions as a new low in corporate overreach. Players are particularly upset because single-player games like Assassin’s Creed Shadows are often seen as private experiences, where they expect their actions—whether sneaking through a Japanese castle or battling samurai—not to be monitored. The idea that Ubisoft might be tracking every move without clear consent has sparked widespread calls for accountability.

This isn’t the first time Ubisoft has faced scrutiny over data privacy. In 2024, a class-action lawsuit in California accused the company of sharing Ubisoft Store user data with Meta via a tracking pixel without consent, though the case was dismissed in April 2025 after a judge ruled that Ubisoft’s user consent disclosures were sufficient. However, the Noyb complaint has reignited concerns, especially since it targets a broader issue: the unnecessary online requirements for single-player games. Privacy advocates have urged gamers to scrutinize Ubisoft’s terms of service and opt out of data collection where possible, emphasizing the need for greater transparency in how gaming companies handle personal information.

The Broader Context: Ubisoft’s History of Controversies

This data-harvesting scandal is just the latest in a string of controversies for Ubisoft, particularly surrounding Assassin’s Creed Shadows. Before its launch, the game faced backlash over historical inaccuracies and cultural representation, with some Japanese players and politicians accusing Ubisoft of disrespecting their culture. Critics pointed to issues like the depiction of Yasuke, a Black samurai, and the use of Chinese architectural elements in a game set in Japan. Ubisoft also faced accusations of copying the design of Zoro’s sword from One Piece for a promotional display, as well as using a flag from a Japanese historical reenactment group without permission, leading to an apology and the removal of the design. These incidents have fueled a narrative of carelessness and lack of originality, further damaging Ubisoft’s reputation.

The company’s broader track record doesn’t help its case. Ubisoft has been criticized for its handling of employee misconduct allegations, with CEO Yves Guillemot addressing “malicious” online attacks against developers in 2024, though some felt the response didn’t adequately address internal issues. Additionally, Ubisoft’s decision to shut down The Crew servers, rendering the game unplayable for owners, drew ire over its approach to digital ownership. These controversies paint a picture of a company struggling to maintain trust with its player base, and the data-harvesting allegations only deepen the rift at a time when Ubisoft can ill afford more negative press.

The Legal and Industry Implications

If the Austrian data protection authority upholds Noyb’s complaint, the consequences could extend far beyond Ubisoft. A €92 million fine would set a precedent for how gaming companies handle player data, potentially forcing the industry to rethink practices around online connectivity and data collection. GDPR is a powerful regulation, designed to protect EU citizens’ privacy by ensuring that companies only process personal data with a valid legal basis, such as explicit consent or necessity for service delivery. Noyb’s argument—that Ubisoft’s data collection isn’t strictly necessary for single-player games—could lead to stricter enforcement of these rules across the sector.

Other companies have faced similar scrutiny. In 2024, Sony backtracked on a requirement for Helldivers 2 PC players to link to PlayStation Network accounts after an outcry over data collection concerns, showing how quickly player backlash can force change. If Ubisoft is forced to scrap mandatory online connections for single-player games, as Noyb demands, it could set a new standard for the industry, prioritizing player privacy over analytics-driven design. This case also highlights the growing tension between gaming companies’ reliance on data to “improve performance” and players’ right to privacy, especially in experiences traditionally seen as offline and personal.

Ubisoft’s Response and Future Outlook

As of April 28, 2025, Ubisoft has not issued a detailed public response to the Noyb complaint beyond its initial statements about verifying game ownership and improving performance. The company’s silence on the specifics of the allegations—particularly the claim of 150 server connections in 10 minutes—has fueled speculation that it may be preparing for a legal battle. If found guilty, Ubisoft could be ordered to delete all unlawfully collected data and overhaul its data practices, in addition to paying the fine. Such changes would likely require significant updates to its games, potentially removing online requirements for single-player titles and implementing clearer consent mechanisms.

For Assassin’s Creed Shadows, the timing of this scandal is particularly unfortunate. The game has been a commercial and critical success, praised for its stunning depiction of feudal Japan, dual protagonists Yasuke and Naoe, and a return to the series’ stealth roots. However, the potential fine threatens to overshadow these achievements, casting a shadow over Ubisoft’s ability to capitalize on the game’s momentum. With the Claws of Awaji DLC set to release later in 2025, Ubisoft will need to address these allegations swiftly to maintain player trust and ensure the expansion’s success.

What This Means for Gamers

For players, this scandal underscores the importance of understanding how their data is used by gaming companies. Many may not realize that even single-player games can transmit data to external servers, often under the guise of “improving performance” or “verifying ownership.” The Noyb complaint serves as a reminder to read terms of service carefully and be wary of unnecessary online requirements. If Ubisoft is forced to change its practices, players could gain more control over their data, potentially leading to a future where single-player games are truly offline experiences, free from corporate monitoring.

Conclusion: A Wake-Up Call for the Industry

The allegations against Ubisoft for illegally harvesting gamer data have thrust the company into yet another controversy, with a potential €92 million fine that could erase its earnings from Assassin’s Creed Shadows. This scandal highlights the growing tension between gaming companies’ data-driven practices and players’ right to privacy, especially in the context of single-player experiences. As the gaming community demands accountability and privacy advocates push for stricter regulations, Ubisoft’s response to this crisis will be a defining moment for its reputation and financial future. Whether this case forces a broader reckoning in the industry remains to be seen, but one thing is clear: the fight for gamer privacy is heating up, and Assassin’s Creed Shadows is at the center of the storm—dive into the details and see why this scandal is making headlines!