I rarely check my messages in general but I checked just now and noticed two completely identical messages from almost a month ago which stated that I had to “delete a User ID immediately from all of my records” in a specific game that I own.
The game in question was made over 3 years ago and hasn’t been updated since then. The only thing in the game that could possibly be storing data is a gamepass script but there’s no log in my group of anyone other than myself ever buying the gamepass, so I have no idea as to how or why there would be any stored data of this user.
The messages said:
Hi Dev, We received a right-of-erasure-request for the following User ID(s):
(didn’t include this for obvious reasons)
Please delete this User ID immediately from all of your records (e.g. games, data stores, etc.) from the following Game(s):
Please note that you must delete the User ID from all of your records, and not just from your data stores. The pages linked above are provided for informational purposes and are not intended to provide a comprehensive method of deleting User IDs.
Regards, The Roblox Team
I’ve looked into the Developer Hub links but I’m having a hard time understanding what they’re saying because I’m not a scripter. I’d like to know what I can do to remove this player ID from any potential data stores within my game.
I got these messages for very old games (which aren’t even public anymore) too, if you don’t have any data stored there you don’t have to do anything, you can just ignore it.
Right to Erasure comes from the Eurpoean GDPR when a player wants to remove the records of their account. As such, you have to delete any and all data associated with that player (which is usually in the form of something like a DataStore).
If you have no data at all for this user, great; nothing to remove, nothing to worry about. Double-check, because this is enforced under data protection laws.
You will have to remove their data manually. If you are using DataStores in your game, look into how and what is being stored for this particular user and remove it. Use functions like RemoveAsync() to do so.
Hoping it’s this but the problem I’m having is that my knowledge in the area of scripting is minimal; I don’t understand how to look into datastores. I’ve looked at other topics with the same issue but none of it made any sense to me.
Often you have to Handle them Manually and your not wrong. However you can Automate this proccess now with Roblox Adding Webhooks now. Just thought to mention this if anyone wanted to automate this proccess. (Helpful for the bigger games on the platform)
Yup. Only question is if you send data outside of roblox, example, Using discord webhooks to send data to a discord server (most common one I see) although considering you may not even know what is and how to do it, Your completely fine as No datastores exist within your game.
Bump! I got one. What happens if I don’t fulfill this request? I honestly can’t be bothered doing this, isn’t this ROBLOX’s job to remove them from all datastore and stuff from your game automatically? Why should I have to keep doing this every time someone wants their data removed?
The same thing happened to me and I used the RemoveAsync thing in my leaderboard script and my global leaderboard script. And I also ran a command as well. I’m not the best scripter so I’m not sure if it worked or not. The game itself only had a few hits anyways and I’ve since private the game shortly after. I’m just freaking out a bit trying to figure out if the data was removed or not.
I don’t think you’re not 100% safe either. Some scripts / frameworks especially from the toolbox relies on what’s called a require() which is loading a ModuleScript from Roblox’s asset store. Examples of these are “admin” systems, leaderboards, etc.
That being said, as long as you really tried to comply and delete the requested data you should be safe. Otherwise someone else might have just abused this feature by using multiple “EU-made” accounts to play the targeted game just enough to trigger DataStore saves and perform multiple actions of RTBF requests to get the targeted person banned, similar to the animation exploiting incident months ago.
First let me start this post off with, I’m not a lawyer
If you don’t store any user data, you can ignore this message. If you do store any data, I believe you have 30 days to remove it. I just curate a list from these messages and clear gdpr player data each month on the first.
I’m not aware of any systems that can determine if you did comply, aside from for example a leaderboard that displays various users. Although I wouldn’t recommend simply ignoring these, especially if you are within the EU.
