I’m a bit lost here. For clueless people like me would somebody mind explaining how exactly you could automate a GDPR request using this? Using it through Discord for example, would people need to make a bot to read the content of incoming webhooks? If so this still feels like a very complicated solution only accessible to people proficient in bot development, web development etc.
You can send it to any webhook you need. Roblox just made special integrations for Discord, Guilded and Slack.
If you send it anywhere else you get a default response body containing the user ID of whom to delete the data, you can then use the datastore open cloud API to automatically remove that data.
Assistance or tutorial for how we could use this for automatic GDPR erasure would really be appreciated. I have no idea how I would utilize it myself and I don’t feel like it’s fair that I have to learn it in order to handle a pain point that Roblox seemingly have all the tools to solve themselves.
I understand this will have more uses in the future, so I should definitely learn more about webhooks regardless. But for now it’s only GDPR which is a very niche case to learn to handle.
I don’t think I’m alone in feeling overwhelmed by the amount of GDPR messages we receive. While bigger studios might have automatic solutions in place already, I still think it’s in Roblox’ interest to make sure smaller studios can comply regardless of technical know-how.
Let’s assume you have a very simple setup where you have an experience that stores some PII in player data in Datastores. (There may be experiences that have more complicated external systems where they need to remove data as well; this is just a simple example.)
1. Create an Open Cloud API key that has datastore access for the specific universe.
2. Host a script somewhere (or use a third-party platform) that intakes the webhook event payload, parses the “gameIds” list in there, and then if “gameIds” contains your specific experience that you want to automate right-to-be-forgotten to, delete the respective Datastores key(s) for that userId via Open Cloud API with the API key.
3. Create a webhook that is set up for right-to-be-forgotten events on Roblox as per this announcement, and point it at your address where the endpoint that your script listens to is hosted.
I agree we can probably provide some example in the documentation like I just did above. I will take this feedback to the team.
It should be noted that GDPR is a complex topic, and many games store their data in many different ways (datastores, external systems, external analytics platforms, loggers that go to Discord/Guilded/etc that may contain PII). It is up to you as developer to properly erase the user data where needed, since we don’t have a way to find and delete relevant data in all the different systems you may be using.
(For specific questions and tailored recommendations, I recommend consulting our terms and/or a legal attorney if you are running an actual experience and have in-depth questions on what you should remove on a right-to-be-forgotten request.)
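The three steps described in the post above, sketched as an added example (not code from Roblox or from any poster in this thread). It assumes the webhook was created with a secret and that the signature header value has the form `t=<timestamp>,v1=<base64 HMAC-SHA256>`; the payload field names, the event name, the datastore name, the key scheme and both secrets are assumptions or placeholders to check against the current webhook documentation and your own game.

```python
import base64, hashlib, hmac, json, urllib.parse, urllib.request
# Placeholders constructed for this example; replace with your own values.
UNIVERSE_ID = 1234567                 # assumes "GameIds" carries universe IDs
DATASTORE = "PlayerData"              # hypothetical datastore name
KEY_FORMAT = "Player_{user_id}"       # hypothetical key scheme
WEBHOOK_SECRET = b"example-webhook-secret"
API_KEY = "example-open-cloud-key"    # scoped to this universe's datastores only

def signature_ok(header, body, secret=WEBHOOK_SECRET):
    """Verify 't=<ts>,v1=<base64 HMAC-SHA256 of ts.body>' (assumed header format)."""
    try:
        parts = dict(p.split("=", 1) for p in header.split(","))
        ts, sig = parts["t"], parts["v1"]
    except (ValueError, KeyError, AttributeError):
        return False
    mac = hmac.new(secret, ts.encode() + b"." + body, hashlib.sha256).digest()
    return hmac.compare_digest(base64.b64encode(mac), sig.encode())

def erasure_target(body):
    """Return the user ID to erase, or None if the event is not ours to act on."""
    event = json.loads(body)
    payload = event.get("EventPayload") or {}
    if event.get("EventType") != "RightToErasureRequest":  # assumed event name
        return None
    if UNIVERSE_ID not in (payload.get("GameIds") or []):
        return None
    user_id = payload.get("UserId")
    if type(user_id) is not int or user_id <= 0:  # only a plain positive integer
        return None
    return user_id

def delete_request(user_id):
    """Build (without sending) the Open Cloud call that deletes the user's entry."""
    query = urllib.parse.urlencode({"datastoreName": DATASTORE,
                                    "entryKey": KEY_FORMAT.format(user_id=user_id)})
    url = (f"https://apis.roblox.com/datastores/v1/universes/{UNIVERSE_ID}"
           f"/standard-datastores/datastore/entries/entry?{query}")
    return urllib.request.Request(url, method="DELETE", headers={"x-api-key": API_KEY})

def handle(header, body):
    """Return the request to send, or None when the webhook must be ignored."""
    if not signature_ok(header, body):
        return None
    user_id = erasure_target(body)
    return delete_request(user_id) if user_id else None

# Constructed sample event; the field names are assumptions, not taken from the thread.
SAMPLE = json.dumps({"EventType": "RightToErasureRequest",
                     "EventPayload": {"UserId": 42, "GameIds": [1234567, 99]}}).encode()
```

Pass `handle` the raw request body bytes exactly as received, since re-serialised JSON will not match the signature, and send the returned request with `urllib.request.urlopen`.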
This is good feedback thanks. I have forwarded this internally.
For context we try to ship features in small iterations so that we can provide something useful to the community fast and get feedback more quickly on what we are releasing so that we can take that into account for future work.
This release today doesn’t mean this is the most we will ever do towards the ability to automate right-to-be-forgotten, it’s just a single step towards simplifying this problem (and many other problems as we onboard more event types onto webhooks).
It’s mentioned in the announcement of DataStore V2.0 that metadata could potentially be used to create a tool to automate right to erasure requests, is this still in consideration?
The comments you link should have been interpreted like: “you as a creator can now use these tagging features to do this”. We are not currently working on anything else regarding datastore RTBF automation to the best of my knowledge. (which doesn’t mean we will ever/never do this, just that it’s not being worked on at the moment)
I recommend supporting existing feature requests (or creating your own) on anything you need regarding datastore RTBF automation.
Note that even if we abstract automation of RTBF for datastores away for creators, it would still be obligatory for us to inform you about the request of the user under GDPR.
We appreciate the feedback. We will be providing an update in the Webhook documentation page soon to better assist with this.
This is only the beginning, stay tuned for further assistance. We are working on providing a good way to help you automate the process by providing some sample code, Demo and Bots.
Can’t there be both? Developers who use external systems, analytics platforms and loggers, most likely have the technical knowledge to make use of the Webhooks. For them, this is perfect. But for Developers who solely rely on Roblox services for data storing and analytics, which I assume are the majority of the developers, why can’t Roblox handle this?
Like why can’t there be two solutions:
1. Webhooks - External services
2. Roblox - DataStore
Is it because of redundancy? As in why support both solutions when solution 1 can cover both cases? I can understand this from Roblox’ standpoint. But as a developer, having 2 solutions is much more convenient. Even if I did use external services and knew how to setup Webhooks, I’d still prefer if Roblox handled DataStores because that would mean 1 less platform/service to worry about, support and connect to the Webhooks.
Hey @SirMing as mentioned in my posts above, the release of webhooks today does not mean we won’t ever do more in terms of allowing you to automate right-to-be-forgotten. Thanks for the feedback.
This is not how it works. Roblox’s ability to process GDPR requests will almost always be greater than another developer’s (as Roblox is bigger than 100% of developers on the platform, and they process GDPR requests when their servers are online). There’s no guarantee that developers’ servers will be available when Roblox processes the GDPR request.
even if your system crashes you can have it automatically reboot within seconds
So what happens if a GDPR request is sent in those few seconds that your system is offline?
The point of redundancy isn’t to handle the 99% case when your server is online to handle the GDPR request, it’s to handle that 1% case when it’s in maintenance, or something unexpected happens. Even if there is only one unhandled GDPR request because of a lack of redundancy, that’s a failed system in this case.
There has to be a method of redundancy, whether it be as simple as relying on 3rd party platforms to cover the gap in server uptime or a method such as Roblox PMs to handle missed requests.
We should be able to get a list of the most recent 10 or 50 or whatever number GDPR removal requests. Each removal request has a unique ID. Once our software gets the list and performs the deletion, we send a POST back along with the IDs that we’ve completed.
Then the next time we request a list of removal requests, the ones we affirmatively marked as completed are gone and we only get ones we haven’t marked as deleted.
This way, there’s no chance of downtime causing us to miss a request.
Note that this can be implemented now by a developer using the PM system but… There’s a ton of security problems with deploying a program that has access to your entire account onto a remote server. We should be able to create a special API key that only has permission to view unmarked removal requests.
What if you made an event listener that is hooked up to when GDPR removal is requested?
It could be something like this:
game:GetService("DataRemovalService").RemovalRequest:Connect(function()
    -- Experience developer applies removal logic for removing data from datastores
end)