Awesome! I was really worried about this because I have two games with DataStores, and one uses some very unconventional methods of saving data. Now I don’t have to go through that headache if I don’t need to 
What else would you delete UserIDs from?
Yeah this will be helpful for sure. Before, it was kinda hard to tell what they wanted to erase. For right-of-erasure, what laws specifically does it fall under? How can you send a right-of-erasure? Does this include non-roblox databases, like firebase, mongodb, or other off-site databases?
Happy fall break everyone.
This is a huge improvement for developers with multiple games, so thank you for providing this small update!
Going forward, will there be any way to automate GDPR messages, as it is still quite cumbersome to respond to the messages manually. Allowing some method of automation would greatly improve the workflow and allow for accurate deletion of data from DataStores where possible.
Additionally, using Roblox messages is a very secluded way of reaching developers, particularly those that get hundreds of messages, or those with trade requests enabled that get a message every time a trade is sent.
Is there plans to open another form of media to reach developers? Even email would be better than Roblox messages. Another alternative would be a form of “developer messages” from Roblox under the create tab.
Hey Roblox!
Thanks for the update, while this is a great step forward. The lack of API to automate these inputs is a major setback for developers.
Using the player message API works but is not the easier step possible. Is Roblox looking to change this? Using an in game API? Web access? Maybe a part of an online datastore access?
Can we expect to see Data Protection options for support directly now?
What about other GDPR/CCPA/LGPD related rights?
Are we going to see data notifications placed in a new location which clearly identify these messages to avoid missing them?
Have you considered using the quote markdown rather than using italtics?
Hey you guys might of misspelled something.
Also this is gonna make a great update! Good to see something new is happening!
This change is nice to see, but this doesn’t address the pain point of what if developers don’t/can’t keep track of their inbox. Roblox already has the infrastructure to use emails as shown by the emails we get about premium payouts, so why not use that?
Additionally, there is still no reasonable way to automate this. I can’t just set up a script to automatically clear data, or if I did, without a major security risk or it just randomly breaking. Even with this change, it is still a manual process to now first check if the place id(s) are relevant, and then actually manually clear the data. If anything, more steps have been added if the game ids are checked by the developer, or nothing has changed if this is too must to check for.
What does this exactly mean? Delete the user from all of my games? I can’t really understand what this is saying. I’ve never heard of having to delete a user from a game. Will I get this message because a player of my game wants his progress to be deleted, or because of Roblox moderation seeing a problem in my game?
This will be very useful information going forward. At least we won’t have to go through our entire library of games trying to erasing data.
It means to delete their data, as they don’t want their existence or data to be stored
You must delete all the data connected to that user. Please look at the GDPR, CCPA and LGPD to fully understand.
For example: Right to erasure | ICO
There are also topics on the DevForums on this area.
CC: @Ty_IsHomeSchooled
I understand this, but where else would you store UserIDs is my question?
What do you mean by “all records”, aren’t datastores the only thing that gets stored in a game? Also, how much time do we have in order to delete their data and what will happen if we fail to do it on time?
Thanks for finally implementing this! This will save me like 90% of the time of addressing a GDPR request which is huge for old accounts with many active game slots that touch datastores.
I send analytics data to my website when players join games. If I ever get one of these notices, I’m expected to clear up the info in the analytics too.
I’m confused. What other records would there be besides those in DataStores?
ALL records? Doesn’t this mean if a malicious user gets banned, and they request for their data to be deleted under all records, including ban records, doesn’t this mean they get unbanned?
It means that if we store user data else where, we need to delete that
Any systems you contact via HttpService where you persist user data. (This likely doesn’t apply to your game, only a small portion of games do this.)
Yes, you have to comply with the request regardless. Privacy law doesn’t care whether you banned a user from your game or not.
They won’t be unbanned because their account is wiped. They can’t log into that account anymore.
The account itself is deleted forever and Roblox doesn’t do 1 account policy.
Oh I see, so if wiping doesnt only apply to specific games, its account wide. Thanks for the clarification.