As a Roblox developer, it is currently very difficult to comply with Right to Erasure requests. When I receive one, I need to scan through all of my games (new or ancient), find all the DataStore keys (and their formatting) that they use, and remove them for each individual userId. Doing this can take about 20 minutes per userId to purge potential data from all of my games that the user may or may not have even ever played. For developers dealing with larger volumes of traffic, this seems like it wouldn’t be feasible to even begin to comply with. It would be very helpful if we could supply a user or userId in the DataStore APIs to have Roblox purge this data for us.
A way to tie userIds to DataStore entries for automatic "Right to Erasure" compliance
More justification for the current state of things being undesirable can be found here:
Another user story about data erasure edge cases, posting on behalf of @Wegny
Hello-- we are going through some of the older threads to respond on things and this one came up.
With Data Store v2.0 (available now) we now have support where you can assign a set of userIDs to a given key when you do a SetAsync(). We are also working on functions to search by attribute that will let you find all keys with a given associated userID and a right-to-erasure dashboard on Creator Dashboard which will use this information to auto-select keys that should probably be deleted and delete them once the dev confirms they are correct. Both of these features should be available in the next six months to a year.
We highly recommend devs to use this userID tagging feature to help make future right-to-erasure compliance simpler.
Sorry for bumping an old thread, but I figured this was one of the better places for visibility.
We’re working on sending GDPR requests as email and as payloads via Webhooks (User ID, Experience ID(s)). Expect a release end of March / early April.
Will OrderedDatastores support the UserId parameter in future?
This is still highly inconvenient as this would require setting up an external vps specifically for handling these requests.
Hi Devs, Please take a look at our announcement for the release on webhooks. This is the first step we have taken towards assisting you in the process of automating GDPR requests. Please try out the feature here : https://create.roblox.com/dashboard/settings/webhooks
Reference to the announcement: Introducing Webhooks for External Notifications
Please provide your feedback here. This is not limited to RTBF (GDPR) requests alone. We would be adding many more notification types in the future. You can configure the above to receive notifications on Discord, Slack or Guilded.