GSmGpE6CwX2y9JjB25B8
We use cookies on this site to enhance your user experience

About GDPR and CCPA

About GDPR and CCPA

Aug 29 2019, 2:13 PM PST 10 min

Disclaimer

The information contained in this document does not constitute legal advice. If you ever have specific questions or concerns, we encourage you to talk to a lawyer. Roblox does not and cannot serve as your lawyer, and Roblox is not responsible for any liability or costs you may incur as a result of relying on this information.


What is GDPR?

GDPR stands for the General Data Protection Regulation. The GDPR is a law in the European Union that focuses on protecting the personal information of everyone in the European Union and European Economic Area by guaranteeing specific rights to the collection, use, and sharing of their personal information. These rights extend beyond the territorial boundaries of Europe, such that many companies or individuals that collect EU personal information are subject to GDPR.

What is CCPA?

CCPA stands for the California Consumer Privacy Act and it becomes effective January 1, 2020. This law provides rights to consumers who reside in California, USA, including knowing what information is collected about them, requesting a business to delete any personal information about a consumer from that consumer, and not to discriminate against a consumer if they exercise their privacy rights.

What is Personal Information?

Most people associate the terms “personal information” or “personally identifiable information” (PII) as data like a name, email address, or home address. However, GDPR and CCPA have broader definitions for personal information which can also cover information that does not directly link to a specific individual, such as user IDs or IP addresses.

As a general rule, developers should not collect more personal information than what is supplied by Roblox, for instance the user ID and username for their players. For more information, see our community rules.


Impact on Developers

As a developer, here are some ways to honor a player’s rights under GDPR and CCPA:

  • You may receive a message from Roblox regarding a personal information deletion request. Roblox takes special care to verify these requests to ensure that they’re legitimate, so you should only comply to requests from Roblox. If a player contacts you first, please ask him/her to make the request at https://www.roblox.com/support.
  • Aside from user ID and username, do not store other forms of personal information such as birth dates or personal photos.
  • If you have already stored other personal information beyond what Roblox provides access to, remove it and update your game so that it doesn’t store that data in the future.

Removing Personal Information

If you’re asked by Roblox to delete personal information about an individual who has exercised his/her right under GDPR or CCPA, you may need to delete specific data from your game’s articles/Data store|Data Stores. A common pattern for identifying Roblox users in a data store is by their unique Player/UserId|UserId prefixed by Player_, for instance Player_12345678. To create a console command script which deletes player data, follow the steps below.

  1. Open your game’s starting place.
  2. Inside ServerStorage, create a BindableEvent and rename it RemovePlayerData.
  1. Inside ServerScriptService, create a new Script and rename it ConsoleEvent.
  1. Paste the following code into the new script. Note that GlobalDataStore/RemoveAsync|RemoveAsync() (line 13) is the required method for removing a key from the data store.
local ServerStorage = game:GetService("ServerStorage")
local DataStoreService = game:GetService("DataStoreService")
local removePlayerDataEvent = ServerStorage:WaitForChild("RemovePlayerData")

-- Reference to player data store (replace "PlayerData" with the name of your data store)
local playerData = DataStoreService:GetDataStore("PlayerData")

local function onRemovePlayerDataEvent(userID)
	-- Pattern for data store player key, for instance "Player_12345678"
	local dataStoreKey = "Player_" .. userID

	local success, err = pcall(function()
		return playerData:RemoveAsync(dataStoreKey)
	end)
	if success then
		warn("Removed player data for user ID '" .. userID .. "'")
	else
		warn(err)
	end
end
removePlayerDataEvent.Event:Connect(onRemovePlayerDataEvent)
  1. Publish the place, then run it in the Roblox client (not within Studio).
  2. Once in the game, open the /articles/Developer Console|Developer Console by pressing F9 or typing /console into the chat.
  3. In the Log section, click the Server tab.
  1. In the console’s command line, enter the following command, where XXXXXXXX is the user’s ID provided to you by Roblox.
game.ServerStorage.RemovePlayerData:Fire("XXXXXXXX")
Assuming a player data key was located with the Player_XXXXXXXX pattern, you'll see a console message indicating it was successfully removed from the data store:
Tags:
  • gdpr
  • ccpa
  • personal information
  • data storage
  • data