Hello community, recently on December 29th 2020, I received right-to-erase-request from Roblox to erase all data stored of the specific user ID from the game ID. However the main problem is that currently I am unable to access Roblox Studio, because I don’t have any computer to operate with.
Might be wrong subforum, but I need help.
Unfortunately, it doesn’t seem like there’s anything you can do until you get back on a computer
They don’t come after you and take your assets if you just ignore it for a while. You’ll be fine. But, make sure you take care of it when you can.
Just do it as quick as you can. Don’t ignore it, but also don’t feel like it has to be done within X hours.
If you ignore it you’re on the risk to get in legal trouble, but you clearly aren’t ignoring it so there is nothing to worry about for now.
Pretty sure Roblox will just pull your game before they let you get into any legal trouble. They own all the data anyway so technically it would be you getting them in trouble. The rule states you have a month, but Roblox might not wait that long for it to be resolved.
That’s not true. This is what they write in the confirming document sent when finishing a GDPR Right to Erasure request:
The third parties are (among with other parties) we - the developers - if I remember correctly.
TL;DR
It’s the responsibility of the developer to erase the data from their datastores. The developer is also responsible for legal actions taken against them for not erasing the data.
Interesting, I wouldn’t really consider Roblox datastores as a third party service. Personally, I own none of the data that gets saved when someone plays my game - I only control it. And if I can edit the data store, then so can Roblox. Although I’m assuming part of the reason they don’t is because data can be saved in many different ways.
I’ve never really understood why anyone cares to request erasure on Roblox though. It’s not like I’m saving IP addresses or something. The most “exposing” thing is the user id which is always public unless you delete your account in which case that data is as good as gone anyway. I guess it’s just the principal of it. This all gets even more weird when you consider that this law is imposed on myself and others even though its from a country I’ve never been to…
Last thing, GDPR requests are taken very seriously by Roblox and I can’t imagine someone starting a request for no actual reason, as the process isn’t as easy as just asking for removal of your data.
I went to the process a few times (Right to Access and Right to Erasure once to delete an old unused ALT) and you have to verify your identity by submitting a picture of your ID card though a third party. For people who don’t actually want their data removed, this is a barrier because most of the people don’t feel comfortable with that.
Believe me I get it, I’ve had to do many of these before. I write my own datastore so I have a specific way to nuke a players data just for this. Still the only situation where this make’s sense is saving data externally (which is also something datastore2 does for backups in addition to just saving data normally). Either way I still think the data being saved is insignificant. I mean maybe there are some hackers out there who went through the trouble of sniping ips and are for some reason saving that but if that’s really the case I doubt they would care about these requests anyway. Any actual security related information (account stuff, emails, etc.) is gone as soon as you delete your account. A law is a law so obviously Roblox takes it seriously and so should developers, but at the end of the day I still don’t see the point.
This baffles me as well, considering that the deleted account would only be able to access the ID.
I’ve never used a data store before in my life. Don’t even know how to. Though, oddly enough, I still get these all the time. So, I just ignore them.
