Super Monday Night Combat shutting down due to GDPR

Free-to-play gameshow MOBA-shooter Super Monday Night Combat will shut down when the European Union’s General Data Protection Regulation (GDPR) comes into force later this month, developers Uber Entertainment have told us, because the cost of reworking it to be compliant would just be too high. A perfectly normal and seemingly above-board game shutting down is a curious knock-on effect of new privacy laws, and raised a few eyebrows when Uber first announced this on Thursday, but it’s understandable. SMNC is six years old and its playerbase is tired: over the past month, SMNC peaked at only two dozen players in-game at the same time.

The GDPR is a new data privacy law which aims to protect EU citizens in a number of ways. It’ll let us demand data be wiped from records with the “right to be forgotten”, let people demand access to copies of personal data companies have on us, and generally require companies to do a whole lot more to give us privacy and keep our data safe. Companies which breach the GDPR can face fines of many millions of pounds (well, Euros). See this for a quick primer. I’ll miss you like hell, EU Parliament.

Though Uber Entertainment are based in the USA, they still need to comply with the GDPR when dealing with EU citizens. The problem, Uber explained to me, was down to SMNC using an old version of their Ubernet platform for its backend.

“The changes needed to allow us to meet the specifications of the GDPR would mean we either need to rewrite large parts of Ubernet or port the game to run on Playfab [a backend platform owned by Microsoft]. We’ve tried to keep the game going as long as we could as it was break even or close to break even on monthly server costs up until now, but both of these options are unfortunately out of range of the budget we have set aside for Super MNC.

“We’ll keep playable for as long as we are legally allowed to, but the day GDPR hits, we’ll pull it down so as to be in compliance.”

Super Monday Night Combat’s servers will be online through May 23rd then shut down ahead of the GDPR deadline on the 24th (it comes into effect on May 25th). The game will become unplayable in all modes, leaving it dead. As a going-away present, Uber will give a big wodge of in-game cash who get in touch with their support department.

It’s always a shame when a game dies, even if it is understandable, and is lost to posterity.

Uber aren’t the only company having trouble with the GDPR. Several free-to-play MMOs, including Ragnarok Online and Dragon Saga, are will also shut down due to the GDPR. Their western publisher has announced that they will start region-blocking Europeans by IP. And some have speculated that the recent Steam privacy changes, which had the knock-on effect of locking out SteamSpy, are down to the GDPR. I suspect we’ll hear from more games and companies over the coming weeks.


  1. spacein_vader says:

    I’m my organisations Data Protection Officer and it seems there’s a lot of FUD going around about GRPR at the minute so it’s pleasing to see some devs who are honest: compliance is possible just not cost effective in this case.

    I’ve no doubt that the Steam changes (I’ve also had updated T’s&C’s from GoG and imagine EA, Ubi et al won’t be far behind,) are down to GDPR. I just hope people see it for what it is, increased protection of the individuals privacy, rather than a new excuse the lazy will use to avoid doing something now we’ve all wised up to “health & safety says no”.

    • Someoldguy says:

      I’m sure a lot of companies are doing it right. One that contacted me yesterday did raise my eyebrows. It informed me of its changing T&C so I went to log in using that email without success. It could not supply my password because it said the email address wasn’t registered with them. Hmm.

    • mlcarter815 says:

      Expecting privacy on the internet is silly.

      • Merus says:

        The awkward blending of socialism and Ayn Rand that’s fueled the internet thus far is ripping at the seams. What the internet is going forward will have to be different. Maybe privacy is possible, and it’s never been in Silicon Valley’s interest to make it work. I guess we’ll find out.

      • Someoldguy says:

        Companies expect to be able to connect to the internet and maintain their privacy. Indeed they’re hauled over the coals if they allow anyone to breach their security and it can be catastrophic for their business if its their data or customer information that is stolen.

      • Spakkenkhrist says:

        Not at least trying for it is worse though.

      • AngoraFish says:

        If privacy is good enough for online banking, medical records, government departments, and large corporations, I’m not sure why consumers shouldn’t be entitled to expect exactly the same thing.

    • apa says:

      GDPR is a good thing for us, citizens and consumers (I’m not a DPO but been doing compliance assessment etc). Makes you wonder what those games are using the player’s personal data for.

      It makes easier to buy and sell services internationally: instead of guessing what kind of data security is on offer, just see if it is GDPR compliant.

      Yes, there’s a lot of work to do right now but later on it will pay.

      • jroger says:

        As someone who is also part of a customer’s “GDPRtask force”, I agree with this. The GDPR is mostly sensible stuff. “Don’t collect more data than you need”, “Document what data you collect, why and who has access”, “tell your customers”, “have someone responsible for all that”. This is something that everyone should have done from the start, but no one did. A lot of work at the moment and a time of legal uncertainty, but good overall. (But don’t get me started on the – misunderstood – cookie guideline …)

        Makes you wonder what kind of data the companies behind those games did collect and how it’s so hard not to do that anymore in the future.

        • sosolidshoe says:

          This is what particularly biles ma pish, as they say, about how “that” group react to stuff like this. Blah blah EU overreach, straight bananas all over again, onerous burdonsome regulation is never the answer, rabble rabble rabble.

          Except everything in there is common sodding sense, and the reason the EU are now having to regulate common sodding sense is companies refused to do it themselves.

    • Cederic says:

      Yeah GDPR doesn’t stop anybody from offering an online gaming service.

      It merely stops them abusing consumer data while doing so.

    • Carighan Maconar says:

      “Cost-effective” is also very difficult if your game is long dead and has no income.

  2. pekingduckman says:

    Also of note, if you play TF2 and want to get the SMNC achievement hats, this is your last chance.

  3. Dave Mongoose says:

    It’s unfortunate that some would rather shut down in Europe than make the effort to comply, but the point of GDPR is to give us more control and understanding of the data that we’ve given to companies (as well as how they’re allowed to use it) which can only be a good thing.

    • tekknik says:

      I don’t think you quite understand, for some companies the GDPR is a death sentence. Google “gdpr nightmare letter”, read through the letter and imagine being a small time dev receiving these requests. I have also pulled my projects out of the EU for the same reason.

      • AngoraFish says:

        The nightmare letter is drafted to look scary, as if each request is going to require a company to generate all of this detailed information entirely from scratch each and every time a request is received.

        In practice, most questions can be answered quite simply with boilerplate responses and most companies will quickly have a FAQ up somewhere that can be linked to – “We are not aware of any breaches”, “we have a jargon filled circle of processes in place to protect user data”, “all data is retained for a maximum of five years”.

        Sure, companies are going to have to tighten their systems for protecting actual user data, but a lot of this can be done by centralising user privacy information and restricting who it’s shared with, which is kinda the point of the whole exercise.

        Don’t ship your user data to 15 different unknown companies in Kazakhstan, that may or may not be further subcontracting some of the work to North Korean server farms, and you’re off to a pretty good start.

        The only real problem with the directive is if you assume that companies are going to continue to use their current shitty wide-open systems, and have to better document those crappy processes and systems as-is, rather than just not having crappy processes in the first place.

  4. Phantom_Renegade says:

    I wonder what kind of data they were collecting and selling before that it’s so hard for them to uncouple that from the game.

    • Spakkenkhrist says:

      The data of a dozen players it seems, bet they must be rolling in it with that bounty.

    • mitrovarr says:

      It might not be anything. Rewriting the old platform to allow for complete purging of player data or to allow export so people can see it may simply not be worth it. The profitability of the game at this point is probably barely enough to cover server costs.

      • aepervius says:

        I doubt it. I have seen many system using various degree of DB and encryption, including big iron used in enormous systems, and I have never seen a sale system where the few request which might come might not be handled every 13th of the month (even with complicated queries) as those request are rare. What I have seen on the other hand are messy DB which saved far more private data than they should have, some was caught already by PCI, but there are still a few kink to iron out.

        In this case I simply think they did not want to spend the money for little customer they had, and simply said “it is because of GDPR”. But what i read is “we had a messy DB with private customer data we may not have to have but rather than check that out what needs to be changed we’ll simply say it is because of GDPR and we’ll close out and spare us the time” .

  5. DuncUK says:

    Winding down the game because you only ever peak at 24 players would be a perfectly adequate excuse, GDPR or not.

  6. nimbulan says:

    I’m amazed that game is still operating. I don’t think it was ever popular, and stripped out a lot of what was fun and unique from the original Monday Night Combat.

  7. dontnormally says:

    The original Monday Night Combat was amazing. SMNC somehow messed up everything I liked about it.

    I hope they make a sequel.

    • SenorRoboto says:

      Agreed, MNC was a great third person shooter MOBA, and then they rushed the dumb F2P cash grab sequel out and completely split the player base after it had only been out on PC for a year.

    • HiroTheProtagonist says:

      MNC was definitely great and I honestly feel nothing for SMNC getting canned. I get the feeling a sequel would end up being a Battle Royale-style affair (which would canonically make sense as the world of MNC is bloodsport for the masses).

  8. tekknik says:

    The comments here are interesting, the world says GDPR is overreaching and too much of a burden and when it claims a victim people start attacking the product. More small time studios and businesses will be pulling out or shutting down because of the costs associated with the GDPR, mark my words.

    • Hmm-Hmm. says:

      ..and? Yes, that’s a shame, but if some of the comments here can be believed then having this new law in place is only a good thing. The gaming industry will catch up.

      More importantly, I think it’s deadly for an industry to be mordicus against any changes because of short term pains.

Comment on this story

HTML: Allowed code: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>