Ubisoft’s latest installment in the Assassin’s Creed series, Shadows, may have earned praise for its immersive world and stealth gameplay, but it’s now facing serious criticism—and not for anything on screen. A prominent privacy rights organization has filed a formal complaint, accusing Ubisoft of secretly harvesting user data without proper consent.
The complaint, brought forward by European privacy group noyb (short for “None of Your Business”), claims that Assassin’s Creed Shadows requires a constant internet connection even during single-player gameplay. This always-online design, according to noyb, isn’t about enhancing gameplay—it’s about data collection.
A Hidden Threat Lurking in the Code
While players navigate feudal Japan as dual protagonists Naoe and Yasuke, something else is happening behind the scenes. Noyb alleges that Ubisoft is quietly tracking player activity, sending more than 150 data packets to external servers during gameplay. These packets reportedly include login credentials, system information, and even browsing habits—without any clear opt-in or disclosure.
Joakim Söderberg, a European data protection lawyer, compared the situation to a board game being monitored by an uninvited guest: “Imagine if the Monopoly man sat at your table and took notes every time you played with your family. That’s what’s happening here—except it’s digital, and you didn’t agree to it.”
This type of data harvesting, according to noyb, is a direct violation of the European Union’s General Data Protection Regulation (GDPR), which mandates explicit consent before any personal data is collected or processed.
Ubisoft’s Defense Falls Flat
Ubisoft has stated that the information gathered is minimal, claiming it’s limited to basic stats like session duration. However, independent monitoring of the game’s network activity suggests otherwise. According to noyb’s findings, the scope and frequency of data transmissions paint a far more intrusive picture.
And with no clear explanation or consent mechanism built into the game, users had no idea what was happening. “It’s not just about what was collected—it’s about how,” said a spokesperson from noyb. “There was no transparency, no legitimate justification, and no real choice given to the player.”
What’s at Stake for Ubisoft
Noyb is urging Austria’s data protection authority to take decisive action. The group has proposed a fine of €92 million and is demanding that all data collected without proper consent be deleted.
If the complaint is upheld, the fallout could extend far beyond Assassin’s Creed Shadows. A ruling against Ubisoft would not only damage its reputation but could also force a reevaluation of data practices across the gaming industry.
As online connectivity becomes a standard feature—even in solo games—so too does the potential for companies to misuse that access. “Just because a game is connected doesn’t mean consent is implied,” says Söderberg. “There’s a difference between optional online features and mandatory surveillance.”
A Pattern of Behavior?
This isn’t noyb’s first battle with tech giants. The organization has previously challenged the likes of Google, Meta, and Apple over similar GDPR violations. Now, with Ubisoft in its sights, it’s clear that the gaming industry is no longer immune from scrutiny.
What’s especially troubling in this case is that Assassin’s Creed Shadows is a single-player game. There’s no obvious gameplay benefit to requiring an internet connection—no competitive multiplayer or real-time content updates. That raises a crucial question: was the always-online setup designed purely for tracking?
If true, this controversy represents more than just one company overstepping—it’s a red flag for how data privacy is treated in gaming. It shows how easily entertainment can cross over into exploitation, especially when users are kept in the dark.
Industry-Wide Implications
As of now, Ubisoft has not issued a formal response to the complaint. But the outcome of this investigation could set a precedent for how games collect and use player data in the future.
For gamers, the message is clear: it’s time to ask more questions about what we’re agreeing to when we press “Start.” And for publishers, this may be a turning point—where ignoring privacy isn’t just bad PR, but a costly legal mistake.
What began as a celebrated return to form for Assassin’s Creed has become a test case in digital ethics. In the shadows of feudal Japan, a much larger debate is unfolding—one that could reshape the way games handle your data.