There are new updates to our Terms of Use and Privacy Policy on the Roblox platform, effective as of July 6. These updates are intended to clarify the language used in our previous update regarding GDPR. You can find the previous announcement here:
These updates are minor and no new sections have been added.
Why is this feature limited to members of the EU. Even if non EU members are not entitled to know what personal info is on us, we should still be allowed to view it; Steam is the largest game platform on the web, and gave everyone access to a page that included all the data they had on them.
Every mainstream platform allows everyone to request and see their data, i.e Discord, Twitter, Google, Facebook. It is not only results in a better end user experience, but it is also easier for these big companies to just let everyone see their data, rather than to create an entirely new process to sort through and only allow EU residents. Roblox must not see the need, may not think they will receive a large amount of inquiries, or don’t think it will be a popular option.
If they don’t have to show us, I guess they won’t.
Is moderation history considered personal data? That’s data that they have created and connected to you, but not data that you have submitted to them that has been collected.
As someone who does have their account info as a result of a successful GDPR request I can tell you that Roblox will give you…
One excel spreadsheet with every login ever, from what IP, when it started and when it ended. The real one contains the full IP and time to the second, I’ve gone and redacted this info
Along with a word document which has, a letter about GDPR with a table of personal data categories
Then…
Every username
Date of Birth
Email accounts ever connected to the account
And same phone numbers
Social Medias accounts connected
Facebook sign in ID
Every MAC address
Every single time something was bought with payment details
DexEx
GAID or IDFA (for Android or iOS)
AndroidID, IDFV, or WindowsID (for Android, iOS, or UniversalWindowsPlatform)
Although I was misssing some data such as a period of history from my account. At this time, I have not gotten any Roblox moderation history from it. Although both have been questioned
Couldn’t that much information potentially put Roblox users in the EU at risk? Or users everywhere else?
You can gain knowledge of someone’s current home address just from their phone number.
Social Media accounts could also put user’s privacy at risk, i.e. real name, location, pictures, etc.
I’m also pretty sure Mac Addresses carry over physical location data, but I’m not entirely sure about that.
Personally, I think collecting information like that puts all users at risk, especially if there is a massive data breach.
The breachers could also potentially break into user’s accounts using their phone number, as has happened with various YouTubers. Which is why I’m heavily against using any kind of 2FA other than an email address. Phone numbers just aren’t as secure as people like to think they are.
The amount of time and verification needed to do this is not worth it. It required full EU ID from me as a result. I suspect the MAC addresses were partially redacted.
If you’re a breacher, it wouldn’t matter to you about the verification process, especially if you know how to hack servers and such. Though it’s most likely very time consuming.
Still, I don’t trust those elements of personal information being stored.
Every bot account has this info so rip all the money they spend on storage for all of it and the comments they post. Didn’t know they recorded everything you did, it’s probably for moderation.
That’s not true as there is a segment in the letter which clarifies that.
I. Personal Data Provided to You in this Correspondence
Two appendices are attached to this letter. Appendix I lists the categories of personal data Roblox collects in general and could collect from you and the envisaged period for which the data is stored or the criteria used to determine that period. Appendix II provides the basic set of personal data that Roblox actually has collected from you. Since Roblox does not collect the same information from everyone who uses our Services, the actual data in Appendix II could be fewer than the possible data listed in Appendix I. Please review both appendices to determine what personal data Roblox actually has about you, and what retention policies are associated with that data. “Services” shall have the definition set out at https://en.help.roblox.com/hc/en-us/articles/115004647846-Roblox-Terms-of-Use
Extracting from that, if it’s too long…
Since Roblox does not collect the same information from everyone who uses our Services, the actual data in Appendix II could be fewer than the possible data listed in Appendix I.
