Gamers propose punishing Blizzard for its anti-Hong Kong partisanship by flooding it with GDPR requests

Being a global multinational sure is hard! Yesterday, World of Warcraft maker Blizzard faced global criticism after it disqualified a high-stakes tournament winner over his statement of solidarity with the Hong Kong protests -- Blizzard depends on mainland China for a massive share of its revenue and it can't afford to offend the Chinese state.

Today, outraged games on Reddit's /r/hearthstone forum are scheming a plan to flood Blizzard with punishing, expensive personal information requests under the EU's expansive General Data Privacy Regulation -- Blizzard depends on the EU for another massive share of its revenue and it can't afford the enormous fines it would face if it failed to comply with these requests, which take a lot of money and resource to fulfill.

Being a multinational is indeed hard, but it's cute to see global capitalism's potential downfall in the welter of jurisdictions the largest corporations seek to have a presence in so that they can maximize their profitability.

o, if you want to submit a GDPR request, and live in the EU, you can use the following form letter, addressed to the data protection officer for Blizzard ([email protected]) or Activision (activisiion actually has an existing portal):

To Whom It May Concern:

I am hereby requesting access according to Article 15 GDPR. Please confirm whether or not you are processing personal data (as defined by Article 4(1) and (2) GDPR) concerning me.

In case you are, I am hereby requesting access to the following information pursuant to Article 15 GDPR:

* all personal data concerning me that you have stored;

* the purposes of the processing;

* the categories of personal data concerned;

* the recipients or categories of recipient to whom the personal data have been or will be disclosed;

* where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

* where the personal data are not collected from the data subject, any available information as to their source;

* the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for me.