Recently I received a Right to Erasure Request for my game. The message states that I must erase the given UserID from all the datastores; however, having not known about this rule until now, the datastores are not set up to efficiently erase specific UserIDs. I erased the main player and leaderboard data for this UserID, but:
The Daily Leaderboard datastores have been saving daily scores for potentially hundreds of days.
The Purchase History datastore saves the key as a combination of the UserId and the PurchaseId.
It would be extremely expensive/time-consuming to iterate through hundreds of days erasing data from the Daily Leaderboards (18 for each day), and impossible to know the exact purchase IDs if this user has any purchases. There is probably a better way to handle datastore keys, but it’s too late to fix it now, as this UserID could potentially be in any of these hundreds of datastores.
What would be the best way to handle this request? Is it safe to ignore the request for these datastores since the scores are not personally identifiable and it’s probable that there is no purchase history?
You could try arguing that since you deleted the main player and leaderboard data, that the remaining data isn’t personal anymore, but this can be risky so I’d just suggest actually complying, and then changing your data saving to be able to counter this in the future. Even if you wouldn’t have got this, I still would have suggested changing the way you save data, saving it with a new key every time a player buys a new data is a very bad idea, you shoulda just used the player’s id, and store every bought item there, or use something like Lapis to do this for you (don’t use it if you are only planning to do it for the product handling). As I’m unsure how you are actually saving your data, I can’t help further, but surely you can find a way to delete them, even if it’s expensive.
I mean I’d like to comply but the main issue is scope - is it really feasible to go through every daily leaderboard for hundreds of days with datastore budget constraints? This would be at least 18*365=6570 leaderboards. And how do you suppose I find the keys that were used to save the purchases? I didn’t have much of an idea on how to handle purchase history at the time, so the code is based on sample code from the official marketplace service documentation.
I could potentially change the way save data works, but that’s not relevant to my current issue as the User ID I need to erase might already be saved in potentially thousands of leaderboards.
I managed to remove the keys from the PurchaseHistory using the ListKeysAsync method with the prefix parameter. I also created a script that will loop through all the daily leaderboards. It will probably take a long time, but that’s the way it needs to be done.
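A sketch of the prefix-based erase described in the last post, added here as an example and not the poster's own script. It assumes the store is named "PurchaseHistory" and that keys have the form `<UserId>_<PurchaseId>`; the helper names are hypothetical. The separator is part of the prefix so that erasing user 123 cannot also match keys belonging to user 1234.

```lua
-- Added example (Luau, server-side Script). Assumed, not from the thread:
-- the store name, the "_" separator, and all helper names.
local DataStoreService = game:GetService("DataStoreService")

local STORE_NAME = "PurchaseHistory" -- assumed store name
local SEPARATOR = "_"                -- assumed separator between UserId and PurchaseId

-- Wait until the given request type has budget, so the loop throttles
-- itself instead of queuing requests until they start failing.
local function waitForBudget(requestType)
	while DataStoreService:GetRequestBudgetForRequestType(requestType) < 1 do
		task.wait(1)
	end
end

-- Retry a datastore call with exponential backoff; raise after 5 failures.
local function withRetry(fn)
	local lastErr
	for attempt = 1, 5 do
		local ok, result = pcall(fn)
		if ok then return result end
		lastErr = result
		task.wait(2 ^ attempt)
	end
	error("datastore call failed after retries: " .. tostring(lastErr))
end

-- Remove every key belonging to userId; returns how many were removed.
local function erasePurchaseHistory(userId)
	local store = DataStoreService:GetDataStore(STORE_NAME)
	local prefix = tostring(userId) .. SEPARATOR -- "123_" never matches "1234_..."
	local removed = 0

	waitForBudget(Enum.DataStoreRequestType.ListAsync)
	local pages = withRetry(function() return store:ListKeysAsync(prefix) end)
	while true do
		for _, key in ipairs(pages:GetCurrentPage()) do
			-- Re-check the prefix locally before deleting anything.
			if string.sub(key.KeyName, 1, #prefix) == prefix then
				waitForBudget(Enum.DataStoreRequestType.SetIncrementAsync)
				withRetry(function() return store:RemoveAsync(key.KeyName) end)
				removed += 1
			end
		end
		if pages.IsFinished then break end
		waitForBudget(Enum.DataStoreRequestType.ListAsync)
		withRetry(function() pages:AdvanceToNextPageAsync() end)
	end
	return removed
end
```

Logging the returned count together with the UserId and date gives a record that the erasure was carried out for this store.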