[Retr0id]

They're perhaps not required to gather explicit opt-in consent, but my understanding is that they'd be required to disclose what information they collect/store.

[phire]

The same rules apply to the steam ID and IP address.

As far as I'm aware, you can get away with disclosing the fact that you are tracking "unique identifiers for the purpose of anti-cheating" in the terms and conditions, without explicitly explaining the technical details that it's a cookie.

Also, this is a server covering the Australia/New Zealand region, so it doesn't have to worry about GDPR compliance.

[xxs]

>the fact that you are tracking "unique identifiers for the purpose of anti-cheating"

A person can requests to delete their data at any time, and also can request to provide all the personal data collected.

[consp]

This does not apply to fraud. You can store the data if it is relevant to an illegal act, and since cheating voids the ToS of the server ...

[xxs]

fraud is a criminal offense. ToS is in most cases is a wish-washy nonsense talk, legally not enforceable (in the EU)

It's rather hard to make any online agreement that's more lax than the law in the EU (and call it ToS)