I’m glad we finally have a way to fully automate GDPR requests. Webhooks make clear sense to me with this being the first use case. What I am concerned about is the cost of attempting any sort of compliance because it requires hosting, a domain, and an SSL certificate. As a Software Engineer who deals with writing server applications and some light IT administration, this is fine. The 2018 version of myself would not be able to do this though. I doubt the 2018 version of myself would be able to nail the HMAC SHA256 signature verification part alone.
I really hope some sort of fully in-platform method can be created in the future. How is beyond what I can say, but putting the cost (time or money) on developers to get and maintain hosting + a domain is a lot to ask for a platform that manages nearly everything else. It also seems weird to have an in-platform request go out of the platform just to come back in through Open Cloud for most (but not all; some games use external services) use cases.
To save fellow casual IT technicians out there the time of figuring all this out, my server application is open-source.
I know, but the thing is that these webhooks are kinda useless. We can’t even send something from a Roblox game to Discord using this new system. It would be nice if there were a service which would be able to send anything to a webhook. For example:
local My_Webhook = game:GetService("WebhookService").link(WEBHOOK_URL)
My_Webhook:send(JSON_ENCODED)
This elaborates on how you can extract the data from the payload that we send across. A code sample has also been added.
The data that is extracted can be used by you to automate using your custom http endpoints or Discord Bots. We will provide more help in the near future with the process of automating the RTBF requests.
Re-iterating what we had mentioned before: We have placed security as one of our goals while implementing the webhook feature.
If you have configured a custom http endpoint you should also look out for the “roblox-signature” in the header. Using this information you can prevent 2 types of attack:
Replay attack
Prevent Roblox impersonation while sending notifications.
Please refer to the documentation for more details.
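The verification the post above asks for, as an added example that is not the staff's code or Roblox's reference implementation: it assumes a header laid out as "t=<unix seconds>,v1=<base64 HMAC-SHA256 over '<t>.<raw body>'>" keyed with the webhook secret (an assumed layout; confirm it against the documentation before relying on it), and it rejects both forged senders (bad MAC) and re-sent old payloads (stale timestamp).

```python
import base64
import hashlib
import hmac
import time

# Assumed header layout (not confirmed by this thread): "t=<unix seconds>,v1=<base64 HMAC>"
# where the MAC is HMAC-SHA256 over "<t>.<raw body>" keyed with the webhook secret.
REPLAY_WINDOW_SECONDS = 300  # reject anything older (or newer) than 5 minutes


def parse_signature_header(header):
    """Split "t=...,v1=..." into a dict; returns {} on malformed input."""
    fields = {}
    for part in header.split(","):
        if "=" not in part:
            return {}
        key, value = part.split("=", 1)  # base64 padding '=' stays in the value
        fields[key.strip()] = value.strip()
    return fields


def compute_signature(secret, timestamp, body):
    """HMAC-SHA256 of "<timestamp>.<body>", base64-encoded like the header value."""
    mac = hmac.new(secret.encode(), f"{timestamp}.{body}".encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def verify_webhook(secret, header, body, now=None):
    """Return (ok, reason). Checks timestamp freshness first, then a constant-time MAC compare."""
    now = time.time() if now is None else now
    fields = parse_signature_header(header)
    if "t" not in fields or "v1" not in fields:
        return False, "malformed header"
    try:
        ts = int(fields["t"])
    except ValueError:
        return False, "bad timestamp"
    if abs(now - ts) > REPLAY_WINDOW_SECONDS:
        return False, "stale timestamp"  # replayed (or badly skewed) delivery
    expected = compute_signature(secret, ts, body)
    if not hmac.compare_digest(expected, fields["v1"]):
        return False, "signature mismatch"  # not signed with our secret: impersonation
    return True, "ok"
```

Verify against the raw request body bytes as received, before any JSON parsing or re-serialisation, or the MAC will not match.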
Can’t and won’t happen.
GDPR requests have a requirement to be checked. If you leave this to the game itself there’s all kinds of things that can go wrong.
What if there’s not a single game server of your game up? Nothing will be done in that case because no-one is there to serve the GDPR request.
What if there’s more than 1 server available? Now who is going to be responsible for cleaning up the data, server 1/2/3/etc?
What law says you can’t automate the process of removing users from your datastores if they requested to have their data removed, it seems a bit made up.
If there are no servers running, then you won’t really have people requesting their data deleted. For sure games can die out. And if that is the case, then you just have to do it manually.
Users that request their data to be deleted do not have to be online, within the game.
This can happen either on request or when people delete their account.
It is simply not something a game can properly handle, given there can be no game instances online.
If this service would come at all, it will first need something like universe level scripts (non-game scripts running in the cloud, completely standalone from game servers).
I never implied that you are not allowed to automate it, you completely misunderstood the statement.
I said this can’t be delegated to the game because of the reasons I mentioned above, this should be handled by a singular service, which is always online.
Have it run in the cloud in a specialized server by inputting some code in the creator dashboard telling it what to delete. Then it can delete data no matter if there is an actual game server or not.
I am very much aware, except Roblox first teased us what they called “Universe level scripts” back in what, 2020 or something, when it was listed on the roadmap.
This could’ve been the solution to that, however back since then it has never reappeared in some form. I obviously don’t know what is going on with it, if it’s either taking much longer than expected, scrapped entirely, etc. Point is that it’s far off.
This is the most worthless implementation of GDPR request automation I can think of. I’m not going to host my own webserver on a constantly running server to take data from Roblox, so I can delete data at Roblox. Oh, and if they ever try to reach it and the server is not there, they’ll just drop the request on the ground. All this so they can avoid booting up my experience one time to call a simple API.
Implementing right to erasure is part of the GDPR. But guess what?
Not sending people’s PII to third parties (whether that be Discord or whatever Discord Webhook Proxy you’re using) is also part of the GDPR.
Do you have the informed consent of the users to send their PII to Discord or a Discord webhook proxy? No? Then don’t violate the GDPR in order in an attempt to not violate the GDPR.
It’s not PII. I’ve tested this system already, the only identifying thing that gets sent is your original UserID; and I doubt you’re going to remember that string of 8, 9, maybe 10 digits, more than like half a day out. Maybe you could google this UserID on another site to get the original username, but most third party Roblox websites already erase any data they have on you when your user disappears.
The UserID is absolutely PII. Any information which could be used to uniquely identify an individual is PII. Whether that be a social security number or just an ID. Once someone has it, even if Roblox deletes it from their pages, someone can go to the Internet Wayback Machine, get the user’s profile page by searching for www.roblox.com/users/USERID/profile. They now have the username.
Through that logic, every single website ever violates the GDPR for not deleting the user’s data from third parties’ individual hard records. The UserID is how most people store user data, and is the only thing that remains directly after a GDPR request is fulfilled; therefore, it makes the most sense for developers to obtain the UserID in order to purge any data from their records.
Unless you can propose a better way for developers to purge their DataStores (or to give Roblox an automatic way to do so) when it’s not UserID-based?
It is personal data but only if it is linked to an account that stores the data. If the account is no longer available, then the ID is no longer personal data.
The problem isn’t the existence of the data. The problem is the transmission of the data to third parties without user consent.
There are multiple ways Roblox could do it:
Require user data in DataStores to be tagged with a user ID in experiences, delete that data when a GDPR request is received automatically. (This would probably break a lot of existing experiences though).
Create a special type of script (ExperienceEventScript) that can run whenever an event for that experience is received by Roblox. Because it would be running at Roblox, there’s no GDPR violation with that.
And, usernames and user ids fall under the category of “pseudonymization” in the GDPR. And while they might help to protect the actual identity of the user, they are still considered PII. This is because they can be linked to a user. You don’t know if that linkage has already been done somewhere out on the internet.