Improve GDPR Messages

Eight times the same message in a row, same userId, no clue why it’s sending me it 8x.

8 Likes

Could it be because these are for eight different games? There is no way to know because of the lack of information though…

1 Like

No, the player only had data for two of the games I own.

5 Likes

This is honestly just as bad as any other error message Roblox has. Be it in Studio, in-game, or on the website through messages. There’s a trend of non-descript messages that spam you and don’t serve any other purpose other than to be an annoyance.

20 different “Random LinkedSource is out of date or can’t be found” messages that block studio access until you click the ok button on every single one and doesn’t detail what LinkedSource is missing.

Repeated spamming of “Remote Event Execution exceeded limit did you forgot to implement on Client event” 100 times per second, resulting in extremely poor game performance with again, no information on which event it is.

Personally, I think this thread should be expanded to include all messages Roblox generates. As every error message doesn’t serve a purpose currently.

3 Likes

Bumping this because it still has not been addressed.

I was fairly close to not getting the message because there also wasn’t a push notification for me. If Roblox wants to actually comply with the GDPR requests, the messages need to be delivered to us through a channel that isn’t shared by every other message on Roblox.

22 Likes

Bumping again as I just got my first 2 notices back to back. I don’t even know what games I’m suppose to delete them from. I have so many games and data stores that I have to go through because I literally don’t know what to delete them from. So there goes an hour of my time…

7 Likes

They should look to automate this process inside of the datastore or something really. Its inefficient to have to look through messages to process this stuff manually.

Though I’ve never had to deal with it so Idk if that’s the actual process or not. Just my two cents.

1 Like

It would have to be some kind of API (since it’s impossible to know where and how the developer stores player data, might be in one key, might be over many keys, might be that multiple players are included in one key, etc) and having the API doesn’t make sense until you can run singleton logic somewhere (universe scripts?).

I was thinking universe scripts too for getting the script to always listen for an event. But since every game stores data differently, I figured we could leave it up to the developer as it is now, just pass the event and userId / info… and then let the developer remove the data according to their system. Kinda like how we process receipts now for developer products but in reverse.

They could at least tell us which games we need to delete their data from. I had to check for their data in all of my games which took forever since for one of my games their userId is used for leaderboards across multiple levels.

6 Likes

Has there been any internal discussion on a developer dashboard where developers could track things such as GDPR requests?

I believe that simply sending messages to developers is unacceptable as it can very easily get lost and never be seen by the developer.

5 Likes

Another set of GDPR requests, another 15-20 minutes of sifting through games finding save files, while they have only ever played one of the games I have ownership of each.

Please give us a way to find out from which games to remove which user IDs.

4 Likes

It is absolutely ridiculous that a solution hasn’t been implemented for over a year since the feature was released. I have 586 places at the time of writing this, however I have no way of associating them with the UserId provided. Hell, I also have no idea which of my places implement a form of data storage.

To comply with the GDPR requests, it is imperative for developers to more easily be able to access and be notified of the requests, and act upon them by being provided with at least a list of places that the user has visited which are owned by the developer.

The process needs to be streamlined, there are over 70 replies in this thread demonstrating the difficulties developers experience trying to act upon the requests. Firstly, the lack of UserId association. Secondly, the lack of proper notification when a request is sent.

For a platform marketing itself as being “in the background” and giving developers the tools to succeed in creating and running studios serving millions of players, it sure seems like a failure that something so critical which impacts the entire development community hasn’t been addressed.

14 Likes

I have no idea if this has been suggested yet, but I think we need a Player DataStore system, one that Roblox can erase with the push of a button, everything related to that player. That way we don’t have to receive risky information about what player played what game when. It would need to be accessible from only the server and even when the player is offline, like current DataStores. Idk, it seems like a lot of bloat. But it’s about all can think of to satisfy all parties.

7 Likes

15 times the same request, no clue why there’s 15 (not relative to the number of games)

Can we please start to take this pipeline for GDPR requests more seriously. This is a hot mess.

19 Likes

Another day, another frustratingly vague GDPR request. As a Roblox developer, this continues to be a majorly inefficient paint point for development.

I have no idea where to go from here. I have 200-ish active games spread across my account and several groups. Even worse, the 8-digit user ID indicates that the user joined late 2011-early 2012, which means I have to check every place I’ve had active in 8 years–more than 500 places. This is not feasible, even if I use basic logic to rule out games with no visits/no datastore system.

There are other issues too, such as the inability to remove data from global leaderboards without a username (a common practice is to save a player’s normal data to their user ID, and then a copy of whatever stat is being tracked to a global datastore tied to their username for easy display).

On top of that, if I’ve reset the data or changed naming schemas at any point during the game’s lifespan, I have to remember what all of those formats are and go back to change them.

If Roblox thinks I’m going to spend two hours to process a single GDPR request they’ve got another think coming.

Even simply adding a list of affected games would work wonders in minimizing the required effort. It’s been two years and no effort has been made towards improving the functionality of these messages–besides minor formatting changes, the message body and information provided has remained the exact same.

20 Likes

This still needs improvement.

I just received this message. Although Roblox has added a username to the message so it’s easier to track exactly who we’re removing the data of, which is a good thing in name of transparency, this is still not enough.
I own multiple games and groups, all which have countless data store entries from the millions of visits they have gotten. I have no idea which of them this person was in.
This forces me to spend quite some time painfully going through each game, just to cross my fingers and hope that one of them was this user.

Roblox should show us what games contain the user’s data. This has been requested all the way since 2018, and we’re in 2020 and this is still not a thing.

This is extremely frustrating.

Edit: I’m at a complete loss here. Multiple of these games have had their data store names change multiple times over time, and I have no idea which data store they could possibly be in.

Also, what am I supposed to do when some of these games use third party data storage modules, such as DataStore2?

How does Roblox keep track of the user’s data being stored in a dev’s account? Couldn’t they use that same data and display it to the developer so we can actually know where to search?

Edit again:
Upon running for i, v in pairs(game:GetService('GroupService'):GetGroupsAsync(<snip>)) do print(v.Name) end, I have found out the user in question was a member of a group I happen to have edit places permissions in but do not actively work on. This makes me more relieved, but further proves that Roblox seriously needs to improve their GDPR messages.

Also, I shouldn’t be responsible for that group… right?

7 Likes

This is a huge issue which still isn’t addressed.
Please, do something to this. Send an email, create a new type of inbox (called Notifications) or send an urgent notification to the notification feed.

The regular inbox shouldn’t be used for these important messages. I get flooded with tons of messages each day, so because I would easily miss GDPR messages. (Yeah, I can close my inbox, but there aren’t other ways for me to get feedback from players of my games.)

Nothing has been changed to this, and that’s frightful.
Don’t ignore this feature request, please take it seriously. We are talking about legal stuff.

5 Likes

Quick update from our side: About a year ago we updated the message to include the places impacted (i.e. which games/experiences belonging to the dev the user requesting erasure has played/used). This makes it easier to know exactly which games/experiences to look into. This addresses your second point.

On the first point, not all devs have registered email addresses and there are legal concerns around releasing the userID of somebody exercising right-to-erasure off platform (email is not secure). We continue to consider better options for this.

On the final point, we are working on tools that will make it easier to remove user data from Data Stores via an interface on the Creator Dashboard when a right-to-erasure request comes in. We don’t have a precise release date, but are hoping to have them available within the next six months to a year.

25 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.