I’m curious what does the request do? Does the account get deleted from Roblox?
What happens to an account that requests a GDPR?
I’m curious what does the request do? Does the account get deleted from Roblox?
What happens to an account that requests a GDPR?
Anonymized and deleted, they won’t be able to log in with that account anymore.
Finally. Now if only you could remove the " this is an obligation under data protection laws " because its not. It may be under select circumstances, but it is not universally the case.
But how would they check? They’re is no way for Roblox to know if a certain DataStore key belongs to a player, because keys are not attached to a player, they are attached to a string (which could literally be anything).
Of course I would always delete player data if it was requested, because it be kinda risky if I didn’t, but I just wondered how Roblox could punish you for not clearing their data when there’s no way for them to know if it was cleared or not.
Maybe Roblox keeps logs on players
While this is better, maybe there should be API in game so that whenever a server runs or is running and there is a request to delete data it can be automatically completed without the dev having to worry about it
I do not collect personal data, and it is against the ToS to do so, so how is GDPR relevant to us?
This isn’t about collecting user’s personal data - this is about collecting data relating to the user. If you store the user’s ID in your datastores (which you should, as this is the standard method of retrieving a user’s data when they join your game), that falls under GDPR and needs to be removed.
How are we supposed to store banned players if we get a request to remove their user ID from our records? Do you expect us to just “pardon them” and let them do whatever they want? Yeah, no.
EDIT: Sorry, I meant to post this in the main thread, not as a reply.
Read the other replies in this thread before asking a question first since it’s been answered multiple times.
Does this include the username of said player? I log Usernames of players into a site to track how active users are, sorta like what you do but Usernames not UserIDs
EDIT 2: If you are gonna respond to go off on collecting when people are logging in and out of my games, go off on the people that log in-game chats offsite as well, or who use external sites to store data.
Their account is deleted so they can’t access your game afterwards anyways.
Wait we get emails for Premium payouts? Where do these filter?
The UID in and of itself is not actually personally identifiable information under the GPDR.
identifiable natural person is one who can be identified, directly or indirectly,
in particular by reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that natural
person;
However, because it is linked to Roblox, and Roblox may have billing information on file, the UID can be classed as “Personal Information”. Now a caveat to this: To comply with the GPDR, roblox has to delete all personal information on the user (which is kinda ironic because by sending you a message telling you to delete the UID of the player, they are storing the UID that they have to delete on there servers), which means that the UID of the player can no longer qualify as personal information.
You should get an email the first time you get premium emails from some sort of “no reply” email. Ideally, the GDPR messages should be able to go through the same system.
Oh yeah I remember that email. I wish there was a separate tab in group pages to see when Premium payouts show up, as of now you just randomly receive around 100 R$ depending on how popular your game is. But thats off topic.
I was getting to a point like this in my game soon. Love the idea!
Yes, exactly. Their ID is associated with their account and their game data. Therefore you must purge the data relating to it, and, by extension, the ID itself from your datastores.
The ID being associated with there account and game data have nothing to do with anything. The question is whether or not that game or account data is identifiable information. If Roblox has done their job, the ID cannot be used to identify a natural person, and therefore is no longer personal information, and by logical extension, we have no obligation to delete it.
I go into this in greater detail in the post I linked above, but based on my communications with Roblox about this, the erasure messages are sent in compliance with Article 17.2 of the GDPR. This means that we are only responsible for the data about the user given to us by Roblox. This is why the erasure message only mentioned deleting the user ID, not information about the user.
If you don’t want to comply with a data erasure request, that’s your choice. But it can and will lead to consequences later on down the road.