Through that logic, every single website ever violates the GDPR for not deleting the user’s data from third party’s individual hard records. The UserID is how most people store user data, and is the only thing that remains when directly after a GDPR request is fulfilled, therefore, it makes the most sense for developers to obtain the UserID in order to purge any data from their records.
Unless you can propose a better way for developers to purge their DataStores (or to give Roblox an automatic way to do so) when it’s not UserID-based?