How to automate GDPR requests resolving?

As of 2023, is it possible to automate the process of fetching and resolving GDPR requests without giving a game direct access to the developer account? I was thinking of giving a bot account access to the experience, however, if the bot is seen as a game developer but hasn’t created the experience(the experience is made by me and owned by a group) will it receive the GDPR request messages or have a way to see them? Basically, has any of you figured out ways to automate dealing with GDPR requests(through API requests, etc) without giving your game direct access to your developer account?

If this is currently an unsolved problem, I consider it a good candidate for a new cloud API key service.

I ignore them, I’m from the EU and you’re only required to delete identifying data.
Since we don’t have that to begin with these requests are utterly pointless.

As far as I know only the game owner / group owner gets them, not heard from any of my others devs they get them.

So unless you’re willing to expose your account to a bot it might be very hard to do.

The EU's GDPR only applies to personal data, which is any piece of information that relates to an identifiable person.

Does that mean that GDPR doesn’t apply to Roblox usernames? What if the usernames themselves contain such a piece of information(for example a player uses their real name)?

Well they shouldn’t do that but I suppose that could be an edge case, but usernames no longer exist after account deletion (you can’t look them up), so unless you save them to a datastore you should be fine.

If I save a user id to a datastore and use Players:GetNameFromUserId on it to fetch the name in-game will it retrieve the original username or a randomized sequence of letters and numbers?

The website no longer allows you to check them, though I never checked what you just said

1 Like

I just checked and it raises an “Uknown user” error, the same one that it raises when a user doesn’t exist. Based on that I can assume that a GDPR request has been made if I try to fetch information in-game about the specific player which I know exists but the request says they don’t. However, is the “Uknown user” error reliable or it has a chance of firing when Roblox servers are messing up, and thus flagging wrong users as GDPR?

I’m quite sure Roblox just sends them to be safe so they’re not liable, as long as you save no identifiable data you’re good

Hey guys,

We’re working on allowing GDPR requests to be sent via email or sent as a payload via Webhooks. Stay tuned for a late-March early-April release.

4 Likes

THANK YOU SO MUCH! I plan to release a game that relies on large amounts of automation and data going back and forth and being able to automate GDPR is a blessing for me as a dev and the playerbase :innocent:

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Hi team, Please take a look at our announcement for the release on webhooks. This is the first step we have taken towards assisting you in the process of automating GDPR requests. Please try out the feature here : https://create.roblox.com/dashboard/settings/webhooks

Reference to the announcement: Introducing Webhooks for External Notifications

Please provide your feedback here. This is not limited to RTBF (GDPR) requests alone. we would be adding many more notification types in the future. You can configure the above to receive notifications on Discord, Slack or Guilded.

1 Like