Latest Updates to Our Privacy Policy & Terms of Use


#1

Hey Developers,

There are new updates to our Terms of Use and Privacy Policy on the Roblox platform, effective as of July 6. These updates are intended to clarify the language used in our previous update regarding GDPR. You can find the previous announcement here:

These updates are minor and no new sections have been added.

Updated Articles:

This announcement does not represent the entirety of the updates made to the Terms of Service or Privacy Policy.

Thanks,
Roblox Developer Relations


#2

Why is this feature limited to members of the EU? Even if non-EU members are not entitled to know what personal info is on us, we should still be allowed to view it; Steam is the largest game platform on the web, and gave everyone access to a page that included all the data they had on them.


#3

Does this mean we can request our moderation history?


#4

Every mainstream platform allows everyone to request and see their data, e.g. Discord, Twitter, Google, Facebook. It not only results in a better end user experience, but it is also easier for these big companies to just let everyone see their data, rather than to create an entirely new process to sort through and only allow EU residents. Roblox must not see the need, may not think they will receive a large amount of inquiries, or don’t think it will be a popular option.

If they don’t have to show us, I guess they won’t.


#5

Is moderation history considered personal data? That’s data that they have created and connected to you, but not data that you have submitted to them that has been collected.


#6

This was added back in May. I attempted to collect my data anyway, despite not being an EU citizen. The responses are conflicting and confusing.


#7

As someone who does have their account info as a result of a successful GDPR request I can tell you that Roblox will give you…

One Excel spreadsheet with every login ever, from what IP, when it started and when it ended.
The real one contains the full IP and time to the second; I’ve gone and redacted this info.

Along with a Word document which has a letter about GDPR with a table of personal data categories.
Then…

  • Every username
  • Date of Birth
  • Email accounts ever connected to the account
  • And same phone numbers
  • Social media accounts connected
  • Facebook sign in ID
  • Every MAC address
  • Every single time something was bought with payment details
  • DexEx
  • GAID or IDFA (for Android or iOS)
  • AndroidID, IDFV, or WindowsID (for Android, iOS, or UniversalWindowsPlatform)

Although I was missing some data, such as a period of history from my account. At this time, I have not gotten any Roblox moderation history from it. Although both have been questioned.


#8

Couldn’t that much information potentially put Roblox users in the EU at risk? Or users everywhere else?

You can gain knowledge of someone’s current home address just from their phone number.
Social media accounts could also put users’ privacy at risk, i.e. real name, location, pictures, etc.
I’m also pretty sure MAC addresses carry over physical location data, but I’m not entirely sure about that.

Personally, I think collecting information like that puts all users at risk, especially if there is a massive data breach.

The breachers could also potentially break into users’ accounts using their phone number, as has happened with various YouTubers. Which is why I’m heavily against using any kind of 2FA other than an email address. Phone numbers just aren’t as secure as people like to think they are.


#9

The amount of time and verification needed to do this is not worth it. It required full EU ID from me as a result. I suspect the MAC addresses were partially redacted.


#10

If you’re a breacher, it wouldn’t matter to you about the verification process, especially if you know how to hack servers and such. Though it’s most likely very time consuming.

Still, I don’t trust those elements of personal information being stored.


#11

The process is very much human. It took over 1 month to collect 8 years’ worth of data, including ID verification via a third party system.

Included with the letter is a table talking about the data they hold and some extra information, such as

(EDIT: If you want to continue this, it would be advised you DM me, just to prevent off-topic stuff)


#12

Now that’s a lot of info

Every bot account has this info so rip all the money they spend on storage for all of it and the comments they post. Didn’t know they recorded everything you did, it’s probably for moderation.


#13

That’s not true as there is a segment in the letter which clarifies that.

I. Personal Data Provided to You in this Correspondence
Two appendices are attached to this letter. Appendix I lists the categories of personal data Roblox collects in general and could collect from you and the envisaged period for which the data is stored or the criteria used to determine that period. Appendix II provides the basic set of personal data that Roblox actually has collected from you. Since Roblox does not collect the same information from everyone who uses our Services, the actual data in Appendix II could be fewer than the possible data listed in Appendix I. Please review both appendices to determine what personal data Roblox actually has about you, and what retention policies are associated with that data. “Services” shall have the definition set out at https://en.help.roblox.com/hc/en-us/articles/115004647846-Roblox-Terms-of-Use

Extracting from that, if it’s too long…

Since Roblox does not collect the same information from everyone who uses our Services, the actual data in Appendix II could be fewer than the possible data listed in Appendix I.


#14

Doesn’t mean they don’t do it.


#15

I suspect that the following data is only held about bot accounts

  • Username
  • Date of Birth
  • (Maybe) email and/or mobile numbers
  • IP addresses
  • MAC addresses