About GDPR and CCPA

What is GDPR?

GDPR stands for the General Data Protection Regulation. The GDPR is a law in the European Union that focuses on protecting the personal information of everyone in the European Union and European Economic Area by guaranteeing specific rights to the collection, use, and sharing of their personal information. These rights extend beyond the territorial boundaries of Europe, such that many companies or individuals that collect EU personal information are subject to GDPR.

What is CCPA?

CCPA stands for the California Consumer Privacy Act. This law provides rights to consumers who reside in California, USA, including knowing what information is collected about them, requesting a business to delete any personal information about a consumer from that consumer, and not to discriminate against a consumer if they exercise their privacy rights.

Impact on Developers

As a developer, here are some ways to honor a player's rights under GDPR and CCPA:

  • You may receive a message from Roblox regarding a personal information deletion request. Roblox takes special care to verify these requests to ensure that they're legitimate, so you should only comply to requests from Roblox. If a player contacts you first, please ask them to make the request at https://www.roblox.com/support.
  • Aside from user ID and username, do not store other forms of personal information such as birth dates or personal photos.
  • If you're asked by Roblox to delete personal information about an individual who has exercised their right under GDPR or CCPA, you may need to delete specific data from your experience's data stores.
  • If you have already stored other personal information beyond what Roblox provides access to, remove it and update your experience so that it doesn't store that data in the future.