Improve GDPR Messages


same here.


For Roblox wanting to comply with GDPR, the lack of tools for Developers to easily modify keys in their datastores is appalling.

In the mean time, you can use @Crazyman32’s DataStore Editor plugin to manually delete keys - it allows you to be in edit mode in any place and modify / delete / change keys in any datastore. Really handy for stuff like this.


How so? The plugin you link is a perfect example that it is possible with current API. (I don’t think Roblox should be the one to provide the editor, and you can do without editor by just issuing commands through command bar.) You should file a feature request if you have a use case that the existing datastore API does not support.


I prefer using graphical interfaces, though I think having a DataStores section in the game explorer would suffice.

Also never said anything about the API lacking, I’m talking about tools that developers can use.We have tools for everything else, why not have a convenient way to manage DataStores?


I’m confused as to why you would need a full overview of your datastores to delete data of a specific player. Normally, you would have this stored in one key, which you could just delete entirely to solve the GPDR request in the most straight-forward way possible. I would file a feature request if you have use cases for having a built-in datastore editor.


I feel like the data store part can be dealt with, its just the lack if information Roblox provides about which game that particular player was on is what makes it so much harder to delete that particular users Data.


I just got this today:

This is actually just five times the same message. I was wondering if they updated the message to include the game name to remove the user from, and that was why I was getting five, but this does not seem to be the case. The messages are entirely identical and don’t specify any information apart from the UserId to remove.

Wishlist for these messages:

  • Send one per UserID
  • Include a list of links/IDs of the games to remove the UserID from
  • Please send them directly to my email rather than my Roblox inbox


Same thing happened to me on a smaller scale.


Why cant roblox at least tell us which game they visited.
I got like 4 of these GDPR messages in a row…

GDPR Right to Erasure: How does Roblox know if you're storing user data?

Even if they did track which games you visited, they still wouldn’t be able to tell you because that data would have already been wiped.

EDIT: Or would it? They keep track of the users of the places they visited, after all… Otherwise, they wouldn’t be able to message you about these requests.


It really is frustrating. I have dozens of places public including groups that I own. I don’t have the time to go through and wipe every datastore everytime I get a message like this. If they could at least tell me the games that I need to wipe that would be great.

split this topic #52

10 posts were merged into an existing topic: Off-topic and bump posts

This thread is not for legal conjecture, especially if you are not a lawyer


Can someone from Dev Relations confirm to us that when we get a GDPR DM saying this is a legal obligation we are required to perform the action within. Thanks.


For reference for anyone who relied on this definition, this is wrong, please do not continue to rely on it. This guidance was published in 2012 and relies on a law from 1998 which has been entirely repealed. You need to delete users data when Roblox asks you to.


To add onto that, the Data Protection Act 2018 exists for those in the UK. (Along with the EU GDPR)

This is your reminder to never take advice relating to legal from random people (including those from the internet) who aren’t legal professionals. Do your own research and talk with a legal professional.


Another week, another set of requests

We need to have a list of games in these messages sooner rather than later. If there is a privacy concern, have the message with the list of places self-destruct after a while or instruct us to remove the message after addressing the request. I don’t want to waste 5-10 minutes per request just going through games searching for datastore entries and it turning up empty 90% of the time.

Help us comply with these requests by improving your communication in these messages, so that it takes less time and is less tedious to do.


Also another concern, I work with a team of developers, and the actual owner of the game gets tons of messages all the time, he doesn’t really read them as it’d be super time consuming. Getting GDPR requests should go to all developers who have edit access to the game. I especially need this as I have an external server that has some data. Or at least, have the option to set who can receive them.


Yet another set of requests with no information! Give us information to which game it is, Cant be that hard since it detects that that user has visited my game anyways.


6 months later and the system is still complete crap
doing it real well, roblox


I agree, it’s currently unmanagable, here is my experience with it:

-i have no idea which games the userIds have played
-i have to disable PMs and trades because otherwise i’m going to miss the messages when they come into my inbox. The roblox inbox isn’t the best place for these messages.

I saw buildthomas basically already said both of these points. It needs to happen