Update to GDPR Right-to-be-Forgotten Messaging

On what grounds can I refuse their request and what can be the reasons for refusing it?

Most ignore cases I’ve heard are from people who use datastore2 or similar (time/increment-based backup saving) and would have to somehow iterate through hundreds of time stamps. Also, what exactly proves you’re storing data unique to the requested player? A UserId in the end is just a number that can mean a variety of different things.

I never understood these GDPR messages. Roblox knows the user’s ID and the places the user has info saved on; surely you could just remove it yourself?

They don’t know what datastore name and key format you use, so they would have to scan the entirety of the database contents for a place if they were to validate / remove it in the way you suggest. Also even with that approach you risk deleting unrelated data because a userId is just a number, it could correlate with any other numerical data the developer might be storing.

Also, they don’t know whether you may or may not be storing data in external systems that Roblox does not have access to.

5 Likes

You cannot request individual game data be deleted. Upon sending a GDPR deletion request your account is completely erased and you can no longer log into that account.

I think it is worth noting Roblox doesn’t seem to be able to prove in this instance if you are holding onto user data or not. The only reasonable explanation on why they’re asking you as a dev to delete their data is quite simply because they don’t know how you store stuff in your datastore. If they did, wouldn’t it stand to reason that they would just do it themselves?

I do wish Roblox would give more guidance on the topic and reveal their stance on it though.

1 Like

Just curious here, but the UID is Roblox’s way to identify the player through their system.
Once Roblox has done its job, the UID now no longer should contain any identifying information.
In our games, we actually do not have any identifying information on a player at all, just a UID that we have no real access to information outside of it.
So at that point, isn’t the UID, if Roblox has done its part, just a meaningless number with no identifying information?

I mean unless we’re keeping chat logs, wouldn’t a reference visit to our game in our datastore just become the equivalent of “a non-existent player visited this game”?

Whereas I absolutely understand on Roblox’s end the UID can possibly contain billing information and an email address, which is identifying information, that would legally obligate Roblox to delete all applicable reference data.

However, as a developer, our data is non-identifying outside of when we reference a player within Roblox’s database. The moment Roblox does its job and deletes any identifying information, the UID in itself is now no longer identifying, and therefore a reference to a once existent UID in our datastore is not capable of identifying anyone under any circumstances.

The UID from a game developer’s end is simply a proxy for a Roblox account which is specifically what it identifies, and that by no definition under the GDPR is itself identifying the moment Roblox fulfills its requirement to delete relevant data from their system.

Here’s an example for simple terms:

Say Roblox identifies the player Bob as 1234 and within that number 1234 contains all Bob’s information.

In our game’s datastore, we simply reference “Roblox account 1234 played our game” which allows Bob to return to our game and play again, this is how we as a developer use Roblox account 1234 as a proxy for Bob as Bob = 1234.

Now, once Roblox deletes relevant account data for Bob and Roblox account 1234 no longer represents Bob in any identifying way, the proxy reference to 1234 = Nil.

This means we simply have a datastore reference to Nil.
So from the developer’s end of this, we do not contain personally-identifying information.
All we have is a reference to “Nil once played our game”.
I personally don’t believe that would hold up in any court anywhere as retaining identifying information and would be more than willing to defend that in such courts.

5 Likes

This is good as I’m a contributor to a game that uses datastores heavily to store stuff that a user might have sent. This’ll make it easier to comply with the Data Protection Act (the UK’s implementation of GDPR; “Data protection: The Data Protection Act”, GOV.UK).

Would it be possible for this message to come to our DevForum inbox as well as our Roblox inbox?

Personally, I don’t use the typical website all too much due to the great functionality built into Studio to configure games and places etc.

Therefore a message to my Roblox account might not be seen for a few weeks, whereas I am on DevForum typically every few days.

1 Like

I have broken down several likely options here.

Off-Site analytics, off-site data storing, etc.

I will ask this: if we hash user IDs before storing them, are we still responsible for purging that data? Or, because they’re altered in a nonreversible way, do they no longer count?

1 Like

I agree! DatastoreService should have a “GDPRRequestSubmitted” event or something of the like. Being able to delete all data on a user programmatically would be a much nicer way of going about it!

This is an improvement either way; however, I do wish they had implemented it sooner, as it doesn’t seem like that complex a task for all the time it would have saved developers.

Thank you, Roblox!

2 Likes

This is really helpful, as a lot of us usually have a lot of games and not just one. My friend got a right-of-erasure message, but we have 3 games and cannot determine which game is “infringing.” Thanks for the update.

1 Like

I think the next step for this system is (once serverless scripts are introduced) to add a GDPRRequest API. Programmers aren’t exactly legal experts and it will be easier for us if we can automate it.

2 Likes

I wouldn’t actually like this, because not everybody saves their keys in the same way. For example my game Ro-Chat saves DMs like this:

local key = plr.UserId .. "With" .. other
-- i.e. 12345With54321

I don’t think that would get detected or erased by the bot, and it might just erase other data.

1 Like
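An added example, not part of any post in this thread and not Roblox's or any game's own code: it compares a blind substring search for a UserId against matching on the key formats a game actually writes, which is the gap the posts about key naming and "a userId is just a number" describe. The key list, the `Player_` and `Round_` formats and the function names are constructed assumptions; only the `<id>With<id>` format comes from the post above.

```lua
-- Key formats this hypothetical game writes. Every capture is a UserId.
local KEY_FORMATS = {
    "^Player_(%d+)$",    -- assumed per-player save key
    "^(%d+)With(%d+)$",  -- DM thread key, the format quoted in the post above
}

-- True only when `key` fits a declared format AND one captured id equals userId.
local function keyBelongsTo(key, userId)
    local id = tostring(userId)
    for _, format in ipairs(KEY_FORMATS) do
        local captures = { string.match(key, format) }
        for _, captured in ipairs(captures) do
            if captured == id then
                return true
            end
        end
    end
    return false
end

-- Returns the keys for which `predicate` is true, in their original order.
local function selectKeys(keys, predicate)
    local hits = {}
    for _, key in ipairs(keys) do
        if predicate(key) then
            hits[#hits + 1] = key
        end
    end
    return hits
end

-- Constructed sample keys, as a key listing for one datastore might return them.
local keys = {
    "Player_12345", "12345With54321", "54321With12345",
    "Player_112345",  -- a different user whose id contains "12345"
    "123456With7",    -- a different user again
    "Round_12345",    -- a round counter, not a user at all
}
local target = 12345

local naive = selectKeys(keys, function(k)
    return string.find(k, tostring(target), 1, true) ~= nil
end)
local scoped = selectKeys(keys, function(k) return keyBelongsTo(k, target) end)

print("substring match (" .. #naive .. "): " .. table.concat(naive, ", "))
print("format match (" .. #scoped .. "): " .. table.concat(scoped, ", "))
```

The substring search selects all six keys, including two other users and a counter; the format-aware match selects only the three keys that belong to the requested user, which is why the erasure has to be driven by the developer's own key schema.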

You can’t. You’ll have to do what is stated in the message, or else there will be legal consequences. Don’t be lazy, and respond to these requests. Ignoring them would be disrespectful to the person who has made this request, as it’s their full right to have privacy on the internet.

1 Like

By API they mean add something us scripters can hook to automate the system, rather than doing it manually. You’d be able to do your UserID alterations as appropriate with said API.

1 Like

There are several grounds upon which you can refuse GDPR requests. They’re not unrefusable.

For the record, those grounds are outlined in the GDPR itself and everyone should have a quick read if they’re going to make their game available to European audiences.

2 Likes

I should have asked this question when I originally wrote the post, but will UK citizens still be allowed to submit the requests after the 1st of January? I’m asking this because of Brexit and, as most people know, we are currently in a transition period. (“Travel or do business in Europe: Brexit guidance”, GOV.UK)

1 Like