Intro
Firstly I’d like to clearly state not a lawyer at all. I cannot provide you with concrete legal advice, if you are deeply concerned or worried you should seek professional legal advice - but I’m here today to try and give a good “toolbox talk” on GDPR. I don’t want to bombard anyone with extreme technical information and in’s/out’s (but you are more than welcome to message me privately for any un-answered questions)
I see so many panic/worried developers on the situation daily in high frustration and panic on twitter or other media. I just wanted to show the best possible things you can do, as a developer to cover yourself. If you want to skip the GDPR “how do” I suggest skipping to Best Practices
GDPR, a general toolbox talk
Click to see
I'm not going to cover the rest as these are refereed to the "power 3" in my workplace, erase, modify or read and I'll cover an additional 4th in the "Best Practices" section and in general the rest. Hopefully the small toolbox talk section did provide some helpful information
GDPR For Dummies - A Basic
GDPR was essentially created after the ̶l̶i̶z̶a̶r̶d̶ ̶s̶c̶a̶n̶d̶… creator of Facebook Mark Zuckerburg did a big bad with a huge amount of peoples data I’m sure you’ve already heard/seen enough of that. It’s main design was to expand, refine and further increase what the Data Protection Act already did cover (with less rights, and in general a bit more “looser”) approach.
This time around we can explicitly request erasure of our data, see how it’s being held, how it’s being used, request amendments or opt out. With bigger penalty causes for companies/individuals (yes, even a single developer) that don’t comply to GDPR.
Erasure
Basically as the name says, all data must be deleted. It must be executed within a month. Because we as developers can’t see when a GDPR request was executed from Roblox’s GDPR notifications - just when the message is delivered to us in our inbox (one of the biggest Roblox GDPR implementations failures) we must assume at this point the standard 30 days has passed without doubt - so delete that data ASAP without delay. This includes any analytic data on the user as well as any data on the user you store off-site (e.g. I track the purchases in my shop using the bad “GarryBloggs” method, GarryBloggs brought x5 power potions on 01/01/1970 instead of the "Player brought x5 power potions on 01/01/1970)
We cannot communicate directly with the user that invoked the request to confirm there data has been deleted or give them a “reasonable justifiable explanation” as to why we haven’t of yet which makes this implementation of GDPR notifications very risky as the invoker could investigate further in extreme cases.
Read
This is a different one you might not get (depending if the GDPR system on Roblox as of current only sends messages about erasure, I have yet to see a read request message) but it’s possible to invoke a request to read data. This basically means all data you currently have on the person they want a copy of in a format that’s easily understandable. Let’s say we have “GarryBloggs” a Roblox player, he’s invoked a request to read the data. Our game “Cool Tycoon Simulator” has a database (either on Roblox or externally. I’m using a external MySQL on Azure for this example)
So essentially we have to give the user this information below;
It’s also ideal to give some information around it also. If GarryBloggs asked myself for this information I’d be sending this information back in a excel sheet. I’d link to Azure’s privacy policy and relevant documentation (if we could link external sites) and not forgetting we can’t send documents anywhere on Roblox so a few bumps in the road.
Modify
Analytic systems
Now this is a pretty interesting one players can have the right to modify their data but this is one you should mainly be concerned about if you use some kind of analytic system (like Game Analytics) if you track relevant ties.
So if you record nothing that ties data to the user (e.g. player visited shop and brought 1 power potion) VS (GarryBloggs visited shop and brought 1 power potion) the first is the most ideal solution to use to swerve the worries.
If you do insist on using “GarryBloggs visited shop and brought 1 power potion” you’ve still included his username and/or his UserID so that’s some data that’s still eligible for all GDPR actions.
Save data systems
Generally easy to avoid, stating it isn’t possible to modify your data to the interest of fairness and data integrity. A player can’t go to Rockstar and GTA V with GDPR and ask them “lol change my money becaus i hav rigts!!11” they give the same explanation.
Best Practices
Epic Game Simulator Example
I’ve created an Amazing game called “Epic Game Simulator” now it’s all ready to go. Just working on how I plan to save data baring in mind GDPR to work for me as much as it can (to also reduce the workload on myself) I already know there’s spelling mistakes dotted around. I was paying more attention to writing the thread.
- I’m gonna save data on the Roblox servers using DataStores, why am I going to do that you ask instead of using more reliable external services with a promised SLA and uptime guarantee? Roblox’s own DataStores are likely to be included already in the existing Roblox privacy policy. Less work for me to also say “Your data is saved on DigitalOceon using encryption here’s a link to DigitalOceon’s privacy polic- wait can’t do that ”
- I’m going to inform, inform, inform and inform my players where there data is, how it’s being saved and how it’s being used. Did I mention I’m going to inform players? I seriously can’t express how important it is to literally just inform players that there data is being saved it might be obvious to you but not to them. This is also one of the additional rights of GDPR “right to be informed” so you’re informing the player before they’ve even touched any kind of data saving.
This is Epic Game Simulators menu - I’m an 11/10 GUI designer hire me
So GarryBloggs hasn’t played Epic Game Simulator yet so let’s welcome him. We can see in my menu GarryBloggs can opt out of having his data saved if he so wishes. GarryBloggs might just want to play without any data being saved on him which is perfectly acceptable - although we should make it abundantly clear to GarryBloggs that this means nothing will save and he will have to start over.
GarryBloggs can click on the more information on what it means. This is what GarryBlogg will see if he clicks on the “More Information” tab on the menu for data saving
GarryBloggs can click on the more information on what it means. This is what GarryBlogg will see if he clicks on the “More Information” tab on the menu for analytic data saving. Notice how I’ve clearly said “it’s saved externally, securely” for Roblox rules we can’t link to GameAnalytics privacy policy but we should tell users to research the relevant privacy policy for GameAnalytics. I’ve also told GarryBloggs that “hey your data is anonymised, Epic Game Simulator isn’t going to know you brought x60 my little pony statues, just Player”
3) GarryBloggs is having a whale of a time in Epic Game Simulator cool thing he’s opted in for both Data saves which is neat but suddenly GarryBloggs thinks no, I no longer want my data saved. GarryBloggs has just switched off both toggles from the settings menu
GarryBloggs has decided again he doesn’t want Epic Game Simulator to have any data which is still fine and not a problem. We don’t take to take much action on the Analytics because remember they was anonymised but just don’t send any more data going forward to honour GarryBloggs wishes.
Now here comes the tricky part GarryBloggs has opted out of Data Saving so we’ll stop saving his data but what do we do with his already existing data? He might of decided I don’t want my data saved going forward - but the data you have on my save file is still perfectly fine.
So we’ll ask (never assume) an additional prompt on “What should Epic Game Simulator do with the data already?” with an option to “Keep It” or “Erase it” of course “Keep It” shows that GarryBloggs doesn’t mind us keeping the save data for him already and we’ll say “Thanks, Epic Game Simulator will keep and load your existing save data - but won’t save any more going forward”.
4) A few days later now and GarryBloggs thinks nope, I don’t want any data in Epic Game Simulator. I want it all gone so GarryBloggs visits again. There’s also a setting somewhere in the GUI under settings to allow “full erasure of all data”
* Step 1
Tell GarryBloggs there’s no going back, it’s gone, everything you worked hard on, gone
* Step 2
Give GarryBloggs exactly 30 seconds to quickly change his mind and cancel the data being erased. If the 30 seconds pass successfully 3 seconds later the data will be erased permanently.
* Step 3
Hasta-la-vista baby
5) Wait a new game “Train ride around the UK!” GarryBloggs playing but wait this game doesn’t have any data saving in it. You literally just ride around in the train, nothing is saved you can come and go at any time - this whole thread doesn’t exist for you even if you get a GDPR right to erasure request, if you know and can swear 100% that your game doesn’t collect any data then you’re safe. Keep chugging on making cool train games without a care in the world. I salute you!
6) When designing any kind of game and the DataStores don’t use something you won’t be able to find later the amount of people I’ve seen saving data overly complicated stop making it hard for yourself. Literally just use a standard format “[USERID]_save” and all the relevant data you want to save under that player.
Nothing extreme, nothing complex. You’ll thank it later when you have to go back and delete the data if you have to and you don’t have a system like 3/4 implanted where a user can delete their data at any time. You can use an very cool tool made by @Crazyman32 to easily edit/modify/delete it on the fly DataStore Editor it makes it less of a headache if you follow a simple standard format for ease of access in the future. Not only for GDPR requests but just in general
General Help
Previous Experience
One of the most biggest things to help you in a GDPR request is how well you document/inform everything. If for any extreme reason you want to say "but I did this and this and this and this" make it go in your favour in general. They opted into their data being saved, they knew how it was being used, they had every right to opt out without question and the right to delete their data from my game. That's much stronger than just "lol what is GDPR? idk how i saved the data, i took data without asking"Future Improvements to Roblox’s GDPR system
As of current the current implementation of GDPR is very weak, flimsy and un-scalable on Roblox. Not to mention in a larger scale. Without direct communication to the invoker (impossible, user already deleted from Roblox) it can be hard to abide and follow GDPR requests and follow other related GDPR requests (e.g. right to inform, I can’t link DigitalOceons privacy policy because of the “offisite website” rule) and not knowing when the GDPR request was executed I highly suggest you go and check out these threads on how to improve the current GDPR situation on Roblox
- Improve GDPR Messages
- Allow for linking back to relevant privacy policies for systems used (e.g. link to Azure’s privacy policy)
Other Helpful Resources
In Conclusion
Inform your users of what you’re doing with their data, give them the ability to nuke said data, explain where you’re using that data, in the future if Roblox supports it - allow them to read/get a copy of said data, provide opt ins and opt outs. I hope this thread provided you with at least some better knowledge then just getting stressed instantly at the thought of GDPR it’s a big scary sure but it’s there to stop a zucc from doing the Cambridge Analytical Scandal all over again. This thread took a long time to write, verify and check but there still might be some small/minor issues and welcome any feedback. I apologise in advance if it’s a little jumbled/back to front but I hope you find value in this thread.