Right to Erasure request compliance issue


My goal:
I want to comply with the Right to Erasure requests.

The issue:
I want to save whitelisted/blocked users in a game with building, but to consistently save this information, I need to save their UserId in the other user’s data.
Next to that I also want to save the UserId inside of loose items to trace back the original owner as a nice feature.


Possible solution #1:
Using Players:GetNameFromUserIdAsync(), if Roblox says the user doesn’t exist, remove this part from the data.

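local Players = game:GetService("Players")
-- Example saved data that references another user's UserId
local Data = {
	["OriginalOwner"] = 123456789;
	["Foo"] = "Bar";
}
-- pcall catches the error raised when the lookup fails
local Success, Result = pcall(Players.GetNameFromUserIdAsync, Players, Data.OriginalOwner)
-- Only drop the reference when the failure is specifically "Unknown user"
if not Success and Result == "Players:GetNameFromUserIdAsync() failed: Unknown user" then
	Data.OriginalOwner = nil
end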

Possible solution #2:
I could save the whitelisted/blocked players in a separate key.
The key then needs to consist of two UserIds, the plot owner and the user who has rights on this plot.
Then to remove it, I can search for this key.
But this solution would cost a lot of datastore requests if a user wants to block or whitelist multiple users because there is the request limit. This can be solved with a block and whitelist limit of around 10 users, so keys needed to load the data are limited.
But I then can’t save the original owner of loose items, because there would be way too many loose items to track.


I would personally want to go with approach #1, but I am not sure if that will comply; it likely won’t delete the UserId from all stores unless the other users load their data and have it not exist in the backup stores anymore.
With approach #2 I won’t be able to have some features in game.


One more issue I am thinking about:
If user 1 builds something on user 2’s plot, this data is generated by user 1, but inside of the data of user 2.
Let’s say user 1 sends a Right to Erasure request.
Since this data is generated by user 1, does this need removal?
If so, this could damage the progress of user 2 plus it would be almost impossible to track every plot user 1 has built on.


1 Like

I’d go with solution #1; solution #2 requires you to retain data that should be deleted from Roblox’s data stores which is required of Roblox legally.


Since you’re already verifying the other player’s validity, ask the player if they want to preserve data from the deleted player. This will let the player know about extra data without revealing whose data it used to be.

If they opt to keep the data, transfer the deleted player’s data to the current player’s data and treat it as their own. It’s a good idea to ask for their preference before using the data to load game components.

1 Like
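
Approach #1 applied when a plot's data loads, as an added example that is not code from either post: it removes a UserId only when the lookup fails with the "Unknown user" text quoted in the question, and leaves data alone on any other failure. The table layout (`Whitelist`, `Blocked`, `LooseItems`), the function names and the injected `lookupName` callback are assumptions made for illustration.

```lua
-- Added example; the data layout (Whitelist, Blocked, LooseItems) is assumed.
local UNKNOWN_USER = "Unknown user" -- error text taken from the original post

-- Returns true (exists), false (confirmed gone) or nil (lookup failed, unknown).
local function userExists(userId, lookupName, cache)
	if cache[userId] == nil then
		local ok, err = pcall(lookupName, userId)
		if ok then
			cache[userId] = true
		elseif string.find(tostring(err), UNKNOWN_USER, 1, true) then
			cache[userId] = false
		else
			return nil -- transient failure: do not cache, do not delete
		end
	end
	return cache[userId]
end

-- Scrubs confirmed-deleted UserIds from one plot's data, in place.
-- Returns the number of references removed so the caller knows to re-save.
local function scrubDeletedUsers(data, lookupName)
	local cache, removed = {}, 0 -- cache: one lookup per distinct UserId
	for _, listName in ipairs({ "Whitelist", "Blocked" }) do
		local list = data[listName] or {}
		for i = #list, 1, -1 do -- iterate backwards so table.remove is safe
			if userExists(list[i], lookupName, cache) == false then
				table.remove(list, i)
				removed = removed + 1
			end
		end
	end
	for _, item in ipairs(data.LooseItems or {}) do
		if item.OriginalOwner and userExists(item.OriginalOwner, lookupName, cache) == false then
			item.OriginalOwner = nil -- item stays; only the identifier is dropped
			removed = removed + 1
		end
	end
	return removed
end

-- Constructed sample data and a stub lookup so this runs outside Roblox.
-- In a game, pass: function(id) return Players:GetNameFromUserIdAsync(id) end
local function stubLookup(userId)
	if userId == 222 then error("Players:GetNameFromUserIdAsync() failed: Unknown user", 0) end
	if userId == 333 then error("HTTP 503", 0) end -- constructed transient failure
	return "Player" .. userId
end
local plot = { Whitelist = { 111, 222 }, Blocked = { 333 },
	LooseItems = { { Name = "Crate", OriginalOwner = 222 }, { Name = "Lamp", OriginalOwner = 111 } } }
print(scrubDeletedUsers(plot, stubLookup), #plot.Whitelist, #plot.Blocked)
```

This scrubs only data that actually gets loaded, so keys that are never loaded again keep the UserId, which is the gap the question raises about approach #1. A non-zero return value can also drive the prompt suggested in the reply before the cleaned data is saved back.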