About GDPR and CCPA

What is GDPR?

GDPR stands for the General Data Protection Regulation. The GDPR is a law in the European Union that focuses on protecting the personal information of everyone in the European Union and European Economic Area by guaranteeing specific rights regarding the collection, use, and sharing of their personal information. These rights extend beyond the territorial boundaries of Europe, so many companies or individuals that collect EU personal information are subject to GDPR.

What is CCPA?

CCPA stands for the California Consumer Privacy Act. This law provides rights to consumers who reside in California, USA, including the right to know what information is collected about them, the right to request that a business delete any personal information about the consumer collected from that consumer, and the right not to be discriminated against for exercising their privacy rights.

Impact on Developers

As a developer, here are some ways to honor a player's rights under GDPR and CCPA:

  • You may receive a message from Roblox regarding a personal information deletion request. Roblox takes special care to verify these requests to ensure that they're legitimate, so you should only comply with requests from Roblox. If a player contacts you first, please ask them to make the request at https://www.roblox.com/support.
  • Aside from user ID and username, do not store other forms of personal information such as birth dates or personal photos.
  • If you have already stored other personal information beyond what Roblox provides access to, remove it and update your experience so that it doesn't store that data in the future.

Removing Personal Information

If you're asked by Roblox to delete personal information about an individual who has exercised their right under GDPR or CCPA, you may need to delete specific data from your experience's data stores. A common pattern for identifying Roblox users in a data store is by their unique UserId prefixed by Player_, for instance Player_12345678. To create a console command script which deletes player data, follow the steps below.

  1. Open your experience's starting place.

  2. Inside ServerStorage, create a BindableEvent and rename it RemovePlayerData.

  3. Inside ServerScriptService, create a new Script and rename it ConsoleEvent.

  4. Paste the following code into the new script. Note that RemoveAsync() is the required method for removing a key from the data store.

    local ServerStorage = game:GetService("ServerStorage")
    local DataStoreService = game:GetService("DataStoreService")

    local removePlayerDataEvent = ServerStorage:WaitForChild("RemovePlayerData")

    -- Reference to player data store (replace "PlayerData" with the name of your data store)
    local playerData = DataStoreService:GetDataStore("PlayerData")

    local function onRemovePlayerDataEvent(userID)
        -- Pattern for data store player key, for instance "Player_12345678"
        local dataStoreKey = "Player_" .. userID

        -- RemoveAsync() is a network call and can throw, so wrap it in pcall()
        local success, err = pcall(function()
            return playerData:RemoveAsync(dataStoreKey)
        end)
        if success then
            warn("Removed player data for user ID '" .. userID .. "'")
        else
            warn(err)
        end
    end

    -- Run the removal whenever the BindableEvent is fired from the console
    removePlayerDataEvent.Event:Connect(onRemovePlayerDataEvent)

  5. Publish the place, then run it in the Roblox client (not within Studio).

  6. Once in the experience, open the Developer Console by pressing F9 or typing /console into the chat.

  7. In the Log section, click the Server tab.

  8. In the console's command line, enter the following command, where XXXXXXXX is the user's ID provided to you by Roblox: game.ServerStorage.RemovePlayerData:Fire("XXXXXXXX")

Assuming a player data key was located with the Player_XXXXXXXX pattern, you'll see a console message indicating it was successfully removed from the data store:
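The script in step 4 prints its "Removed" message whenever RemoveAsync() does not throw, including when no key existed, and it only covers one data store. The following is an added example, not part of the original page or Roblox's own code, that can replace the ConsoleEvent script: it validates the user ID, removes the key from several data stores, and reports per store whether data was actually found. The store names in STORE_NAMES are hypothetical and the Player_ key pattern is assumed to apply to every store listed.

```lua
-- Added example (not Roblox's script). Replace STORE_NAMES with your own stores.
local ServerStorage = game:GetService("ServerStorage")
local DataStoreService = game:GetService("DataStoreService")

local removePlayerDataEvent = ServerStorage:WaitForChild("RemovePlayerData")

-- Hypothetical names: every data store that holds keys of the form "Player_<UserId>"
local STORE_NAMES = { "PlayerData", "PlayerInventory" }

-- Build the key only from an all-digit user ID, so a typo or stray text
-- entered in the console cannot target an unintended key
local function toDataStoreKey(userId)
	local digits = string.match(tostring(userId), "^%d+$")
	if not digits then
		return nil
	end
	return "Player_" .. digits
end

local function onRemovePlayerDataEvent(userId)
	local key = toDataStoreKey(userId)
	if not key then
		warn("Rejected user ID '" .. tostring(userId) .. "': expected digits only")
		return
	end

	for _, storeName in ipairs(STORE_NAMES) do
		local ok, result = pcall(function()
			-- RemoveAsync() returns the value the key held, or nil if there was none
			return DataStoreService:GetDataStore(storeName):RemoveAsync(key)
		end)
		if not ok then
			-- The request itself failed: the data may still exist, so retry later
			warn(("[%s] FAILED to remove %s: %s"):format(storeName, key, tostring(result)))
		elseif result == nil then
			warn(("[%s] no data found under %s"):format(storeName, key))
		else
			warn(("[%s] removed %s"):format(storeName, key))
		end
	end
end

removePlayerDataEvent.Event:Connect(onRemovePlayerDataEvent)
```

Keep only one script connected to RemovePlayerData at a time; otherwise each console command triggers both handlers.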