A new Assassin’s Creed controversy emerges, this time, over privacy. Ubisoft is under fire for collecting user data without consent in Shadows.

Assassin’s Creed Shadows launched to strong reviews, with fans hailing its stunning depiction of feudal Japan, dual protagonists, and a much-needed return to stealth roots. But in true Assassin fashion, peace was never an option. You can take the controversy out of the Creed, but you can’t take the Creed out of the controversy.

While players were busy leaping off rooftops and slipping through bamboo forests, privacy watchdog noyb was quietly filing a complaint that could have real-world consequences. It accuses the studio of forcing players online and harvesting personal data without consent.

Turns out, the most dangerous thing lurking in the shadows isn’t a hidden blade, it’s a data packet you never knew you sent.

Why Ubisoft is in hot water over Assassin’s Creed Shadows now

⛶

⛶

⛶

⛶

⛶

Despite Assassin’s Creed Shadows being a hit with fans, Ubisoft now finds itself under fire, not for bugs or historical nitpicks, but for allegedly spying on players.

Privacy watchdog noyb has filed a formal complaint with Austria’s data protection authority, claiming the company forces players to stay connected to the internet, even in single-player mode, and secretly collects personal data.

While the studio says it only tracks basic information like session times, the investigation tells a different story. When monitoring the AC Shadows’ network activity, it was found that the game made over 150 connections to external servers.

This included login information, system data, and browsing behavior, none of which were clearly disclosed or consented to. This kind of behind-the-scenes data collection violates the EU’s strict GDPR law. Joakim Söderberg, data protection lawyer, said:

Imagine if the Monopoly man sat at your table and took notes every time you want to play a board game with your family or friends. […] As long as you have an open internet connection when you play, your data is collected and analysed.

Noyb argues that the studio didn’t give players a real choice, didn’t explain what was being collected, and had no legitimate reason to gather that level of data, especially for a solo game experience.

Now, the group is pushing for regulatory action: a fine of €92 million and an order to delete the data collected without proper consent. If upheld, the case could set a major precedent, not just for Ubisoft but for how game publishers handle player data across the board.

The Watchdog that’s watching the watchers

The biggest stealth mission might be happening behind the scenes. | Image Credit: Ubisoft

The organization behind the complaint, noyb, short for None of Your Business, isn’t new to going head-to-head with tech giants. It has taken on the likes of Google, Meta, and Apple, with a strong track record of exposing data abuse under the EU’s GDPR laws. Now, Ubisoft is in its crosshairs.

But the issue here isn’t just Ubisoft, it’s what this case represents. The controversy started with a simple, frustrating question: why does a purely single-player game need to be online at all? What looked like an odd design choice turned out to be a potential data trap.

The investigation’s findings suggest that this always-online requirement isn’t about finding session times or seeing the gameplay; it’s about tracking players, collecting data, and sharing it with third parties like Google and Amazon. And all this without clear consent.

In the age of connected everything, it’s easy to shrug off data collection as just part of the experience. But when a solo gaming session becomes a surveillance opportunity, the lines blur between entertainment and exploitation.

Ubisoft may be the first in the spotlight, but it’s unlikely to be the last. This case could be a wake-up call, not just for gamers, but for the entire industry.