How to create a correct privacy policy acceptance window so that it complies with generally accepted standards?

Godot Version

4.4.1.stable

Question

How do I create a proper privacy policy acceptance window so that it complies with generally accepted standards? Are there any protocols or cryptography involved? What should I do besides the usual UI with text and checkboxes so that I don't get into trouble with the law?

You could use a ConfirmationDialog node or DisplayServer.dialog_show(...) then react accordingly to an Accept/Deny option. You do not need cryptography unless you are sending sensitive data through the internet, even then it may not be necessary.

1 Like

There are no generally accepted standards. Typically, you put it in a modal dialog. That means a window that prevents you from doing anything else until you deal with it. Then you put your legal docs in a label or RichTextBox with editing turned off, and have a scrollbar. You have a Cancel and Accept button at the bottom. Cancel always works and exits your program. Accept is greyed out until the user scrolls to the bottom.

No. You may want proof that they clicked the button, but if your software can’t be used until it’s clicked through you’re probably fine.

TBH if you’re really worried about it, you should be talking to a contract lawyer. Random folks on the internet cannot give you legal advice.

I will tell you this question amused the hell out of me because I’ve been asked it more than once by both lawyers at a law firm and lawyers in finance. Talk to an actual contract lawyer - preferably someone who specializes in privacy. Laws are very specific and they are different by region. Which means if people in the US and EU can both use your product, you have to adhere to all laws in both regions. So you either have to block certain regions, or talk to lawyers in all of them.

Keep in mind that depending on what kind of sensitive information you are working with, it can be illegal to take production data into a test environment without de-identifying it. Plus you have to have a list of everyone who could possibly have access to it, and the people who do the de-identifying have legal responsibilities if anyone is identified by their data. (Healthcare in particular is a nightmare.)

Did I mention you should talk to a lawyer?

3 Likes

Okay, thanks. I’m integrating Yandex advertising to monetize the game, which means collecting the user’s personal data. Will it be enough here to write the value accept=true to the privacy_policy.cfg file?

You should be fine. As long as this isn’t a mobile game. If it’s a mobile game, you need to check all of Apple’s rules and Google’s rules for developer data collection and privacy if you want to do this on either platform. Because if you violate their terms and conditions they will shut you down and there’s no appeal.

I am not a lawyer, and this is not legal advice.
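A sketch of the flow described in the replies above (a modal dialog, Accept greyed out until the text is scrolled to the end, Cancel quitting, and `accept=true` written to `privacy_policy.cfg`), built on the `ConfirmationDialog` node mentioned in the first answer. This is an added example, not code from any poster in the thread. The `consent` section, the `policy_version` and `accepted_at_utc` keys, the `consent_given` signal and the placeholder text are assumptions chosen for illustration; recording the version and time alongside the flag lets the game ask again when the policy text changes.

```gdscript
# consent_dialog.gd: attach to a ConfirmationDialog node (added example).
class_name ConsentDialog
extends ConfirmationDialog

signal consent_given  # start ad/analytics SDKs only after this fires

const CFG_PATH := "user://privacy_policy.cfg"  # file name from the thread
const SECTION := "consent"                     # assumed section name
const POLICY_VERSION := "1"                    # assumed; bump when the text changes
const POLICY_TEXT := "PLACEHOLDER: full privacy policy text."

var _bar: VScrollBar

# True only if this exact policy version was accepted on an earlier run.
static func has_consent() -> bool:
	var cfg := ConfigFile.new()
	if cfg.load(CFG_PATH) != OK:
		return false  # missing or unreadable file means no consent
	return cfg.get_value(SECTION, "accept", false) == true \
			and cfg.get_value(SECTION, "policy_version", "") == POLICY_VERSION

func _ready() -> void:
	title = "Privacy Policy"
	ok_button_text = "Accept"
	get_ok_button().disabled = true  # greyed out until scrolled to the end
	var text := RichTextLabel.new()  # display-only, scrolls when text overflows
	text.custom_minimum_size = Vector2(480, 320)
	text.text = POLICY_TEXT
	add_child(text)
	_bar = text.get_v_scroll_bar()
	# Deferred so the check runs after the scrollbar range is fully updated.
	_bar.value_changed.connect(_check_scrolled.unbind(1), CONNECT_DEFERRED)
	_bar.changed.connect(_check_scrolled, CONNECT_DEFERRED)  # text that fits
	confirmed.connect(_on_accept)
	canceled.connect(func() -> void: get_tree().quit())  # Cancel or close exits
	popup_centered()

func _check_scrolled() -> void:
	if _bar.value + _bar.page >= _bar.max_value - 1.0:
		get_ok_button().disabled = false  # stays enabled once the end is reached

func _on_accept() -> void:
	var cfg := ConfigFile.new()
	cfg.set_value(SECTION, "accept", true)
	cfg.set_value(SECTION, "policy_version", POLICY_VERSION)
	cfg.set_value(SECTION, "accepted_at_utc", Time.get_datetime_string_from_system(true))
	if cfg.save(CFG_PATH) != OK:
		push_error("Could not persist consent; it will be requested again.")
	consent_given.emit()
```

Call `ConsentDialog.has_consent()` at startup and add the dialog to the scene only when it returns false; in both cases, initialise anything that collects data only once consent is confirmed.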