Mirage: Arcane Warfare pulled from sale due to GDPR

With the European Union’s new General Data Protection Regulation (GDPR) coming into effect today, hopefully spelling an end to e-mails from companies begging me to stay subscribed to their newsletters, another game has chosen this moment to throw in the towel. Torn Banner Studios have removed first-person brawler Mirage: Arcane Warfare from sale and will soon shut down their official servers. The magical follow-up to Chivalry: Medieval Warfare will still be playable on player-hosted servers and with its AI botbuds, so people who already own it can play – but new people can’t join in.

“We have made this change in part due to the new European Union privacy law, the General Data Protection Regulation (GDPR), that comes into effect May 25, 2018,” Torn Banner said in yesterday’s announcement. “We unfortunately have run out of options for keeping Mirage alive.”

The official servers will be online until May 31st, then it’ll be down to player-hosted servers.

Torn Banner don’t fully explain the situation, but I’d imagine it’s the case that the game was making so little money that the cost of updating to become GDPR-compliant wasn’t worth it. The GDPR caused Loadout and Super Monday Night Combat to call it quits for that reason, the final straw for struggling games. I’ve asked Torn Banner to elaborate on their particular situation, and will let you know what I hear back.

Mirage was struggling. Over the past month, it peaked at having 24 players online at the same time. Torn Banner did briefly bolster playercounts by giving Mirage away for free for one day in September 2017, which saw it briefly surge to an all-time high of 43,000 concurrent players before dramatically falling off. Chivalry’s numbers are still about 100 times higher than Mirage’s.

Our Matt was a fan of Mirage and had hoped it might one day go free-to-play to lure in loads more players, but so it goes.

This doesn’t sound like the end for Torn Banner, mind. Chivalry is still up and sold, and they say “We look forward to seeing you in our future titles” – so they’re expecting to make more games.


  1. BaronKreight says:

    Sad day. I hope these guys are not going anywhere and will come up with something new.

  2. Lyrion says:

    I’m still wondering what kind of userdata those games keep that are now shutting down. If you are just keeping userdata for log in to the servers and such… you should have no problem at all.

    • Horg says:

      I’ve just done my compliance training for GDPR so can offer a little insight. It’s primarily concerned with any data that can be used to identify a living individual, so user logs with IP address and time stamps would probably qualify, as you can cross reference that data with user activity. User account data with personal details and email addresses would obviously also count.

      Almost all online games are going to make their data storage and collection methods for such items compatible with GDPR. The costing issue comes from the requirement to assign an individual to be a Data Protection Officer, give them relevant training, have them monitor data policies, and perform data collection and storage assessments on new projects. There’s also the storage aspect, as companies now need to be more mindful of encryption and of purging data records that are no longer relevant to the service. Finally, companies need to be very careful about who they share data with, as data breaches from a 3rd party are now partly the responsibility of the sharing party. So more auditing of partners data protection standards is required. There are pretty hefty fines if an organisation fails an audit.

      Overall it’s been a good set of changes, the GDPR gave my organisation the kick up the arse it needed to work in the 21st century digital environment. However, there is an initial and ongoing cost involved, so even companies that are not doing anything malicious might decide that the cost isn’t worth becoming compliant if their service is basically dead anyway.

    • Ghostwise says:

      If a game is barely making any money, any additional cost isn’t worth it.

    • Shyntae says:

      The GDPR identifies as personal data any data generated by the user and which can be linked to her. For an old videogame, the main hassle is that you have to:
      – Document all personal data stored by the game server (so including player profiles, leaderboard data for instance)
      – Document all the processes that use this data and demonstrate that the data is useful for these processes.

      – Document the protection methods you implemented for this data, according to the criticality of a breach.

      Most game servers don’t store a lot of personal data, but it’s still an effort to create this documentation. It’s even worse if the game is old and knowledge was lost.

      • Someoldguy says:

        Since they have to do all this for Chivalry, it seems a little odd that Mirage wouldn’t just be largely a cut & paste job of that.

  3. falcon2001 says:

    The other huge GDPR requirement is that customers have to be able to request that their data be downloadable and expungeable, and both of those require that you build systems to do that. Even for a smaller company with a relatively simple system it’s not easy; it could be months of work for developers.

    People have been writing off these dead games as ‘well they didn’t care about customers’ but honestly the GDPR requirements go beyond general best practices for customer data. I’m 100% on board with them – it SHOULD go further than that – but I also don’t think we should blame the people who are losing their jobs over not being able to spend months building new code.

  4. April March says:

    Wow, I knew this game was flagging, but I didn’t know how bad. I’m going to miss having bright green magic juice being thrown at me by an overweight man in a Victorian beard atop a flying carpet. And in the game.

  5. vorador says:

    Being GDPR compliant doesn’t cost a lot of money, but i guess they couldn’t really spend anything on it. Not worth it.

    Well, there it goes. Its feels bad to go like this.

Comment on this story

HTML: Allowed code: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>