Personal data anonymizer
Overview
This document describes how we handle the GDPR right to erasure (the "right to be forgotten"). In general, the flow is:
- Users can call the forget-me API directly in the player portal, or call the API in-game or from a website.
- The API generates a GDPR event indicating that the player wants to be forgotten.
- When the GDPR event is received, we erase the PII (personally identifiable information) by overwriting the current PII values in our data warehouse with placeholder values.
Requirement
- ETL schema version 1.5
Schema
We will add a new table called gdpr_account_anonymized_t to record each user ID that has been anonymized. This table ensures that an anonymized user's data cannot be re-inserted later, in particular by the backfill process.
gdpr_account_anonymized_t schema:
Column name | Data Type | Nullable | Constraint | Relations | Comment |
---|---|---|---|---|---|
finished_ts | timestamp | no | | | when the data is completely anonymized |
id | big serial | no | Primary Key | | auto-generated ID |
job_run_id | big integer | no | Foreign Key | job_run_t | ETL job run ID |
user_id | big integer | no | Foreign Key | user_t | user ID |
Personal data replacement is shown in the table below:
Table name | Column name | Replacement |
---|---|---|
user_email_t | | Redacted |
user_display_name_t | display_name | Redacted |
user_date_of_birth_t | date_of_birth | 0001-01-01 00:00:00 |
payment_properties_t | external_user_number | Redacted |
thirdparty_account_t | thirdparty_uid | Redacted+UUID |
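The erasure step and the backfill guard described above, as an added example that is not part of this design or its ETL code. It assumes a simplified SQLite schema with one PII column per table, assumes the email column is named `email` (the design does not give it), and spells "Redacted+UUID" as `Redacted-<uuid4>`; all sample rows are constructed.

```python
import sqlite3
import uuid
from datetime import datetime, timezone

# (table, column, replacement) from the design's replacement table; None = Redacted+UUID.
# The email column name is an assumption; the design does not give it.
REPLACEMENTS = [
    ("user_email_t", "email", "Redacted"),
    ("user_display_name_t", "display_name", "Redacted"),
    ("user_date_of_birth_t", "date_of_birth", "0001-01-01 00:00:00"),
    ("payment_properties_t", "external_user_number", "Redacted"),
    ("thirdparty_account_t", "thirdparty_uid", None),
]

def create_schema(conn):
    """Constructed, simplified SQLite schema: one PII column per table plus the audit table."""
    for table, column, _ in REPLACEMENTS:
        conn.execute(f"CREATE TABLE {table} (user_id INTEGER, {column} TEXT)")
    conn.execute("CREATE TABLE gdpr_account_anonymized_t (id INTEGER PRIMARY KEY AUTOINCREMENT,"
                 " job_run_id INTEGER NOT NULL, user_id INTEGER NOT NULL UNIQUE, finished_ts TEXT NOT NULL)")

def anonymize_user(conn, user_id, job_run_id):
    """Overwrite the user's PII in every listed table and record the user, in one transaction."""
    with conn:  # commits on success, rolls back if any statement fails
        for table, column, value in REPLACEMENTS:  # identifiers come from the fixed list, not input
            if value is None:
                value = f"Redacted-{uuid.uuid4()}"  # assumed spelling of "Redacted+UUID"
            conn.execute(f"UPDATE {table} SET {column} = ? WHERE user_id = ?", (value, user_id))
        conn.execute("INSERT INTO gdpr_account_anonymized_t (job_run_id, user_id, finished_ts)"
                     " VALUES (?, ?, ?)", (job_run_id, user_id, datetime.now(timezone.utc).isoformat()))

def backfill_display_name(conn, user_id, display_name):
    """Backfill guard: never re-insert PII for a user in gdpr_account_anonymized_t; True if inserted."""
    if conn.execute("SELECT 1 FROM gdpr_account_anonymized_t WHERE user_id = ?",
                    (user_id,)).fetchone():
        return False
    conn.execute("INSERT INTO user_display_name_t VALUES (?, ?)", (user_id, display_name))
    return True

def demo():
    conn = sqlite3.connect(":memory:")
    create_schema(conn)
    conn.execute("INSERT INTO user_display_name_t VALUES (42, 'alice')")  # constructed user
    conn.execute("INSERT INTO thirdparty_account_t VALUES (42, 'steam:123')")
    anonymize_user(conn, 42, job_run_id=7)
    name = conn.execute("SELECT display_name FROM user_display_name_t WHERE user_id = 42").fetchone()[0]
    uid = conn.execute("SELECT thirdparty_uid FROM thirdparty_account_t WHERE user_id = 42").fetchone()[0]
    return {"display_name": name, "thirdparty_uid": uid,
            "backfilled": backfill_display_name(conn, 42, "alice")}
```

The replacement values are bound as parameters; only the table and column identifiers are interpolated, and those come from the fixed `REPLACEMENTS` list rather than from any caller input.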