Personal data anonymizer
Overview
This document shows how we handle the GDPR right to erasure (the "right to be forgotten"). In general, the flow is:
- Users can call the forget-me API directly in the player portal, or the API can be called in-game or from a website.
- The API generates a GDPR event and flags the player as having requested to be forgotten.
- When the GDPR event is received, we erase the PII (personally identifiable information) by overwriting the current PII values in our data warehouse.
Requirement
- ETL schema version 1.5
Schema
We will add a new table called gdpr_account_anonymized_t to record the IDs of users who have been anonymized. This table prevents the data from being re-inserted in the future, particularly by the backfill process.
gdpr_account_anonymized_t schema:
Column name | Data Type | Nullable | Constraint | Relations | Comment |
---|---|---|---|---|---|
finished_ts | timestamp | no | | | when the data was completely anonymized |
id | bigserial | no | Primary Key | | auto-generated ID |
job_run_id | bigint | no | Foreign Key | job_run_t | ETL job run ID |
user_id | bigint | no | Foreign Key | user_t | user ID |
Personal data replacement is shown in the table below. Each column is overwritten in place with the replacement value; thirdparty_uid is replaced with "Redacted" followed by a freshly generated UUID so that each redacted row keeps a unique value.
Table name | Column name | Replacement |
---|---|---|
user_email_t | | Redacted |
user_display_name_t | display_name | Redacted |
user_date_of_birth_t | date_of_birth | 0001-01-01 00:00:00 |
payment_properties_t | external_user_number | Redacted |
thirdparty_account_t | thirdparty_uid | Redacted+UUID |
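The two pieces above, the gdpr_account_anonymized_t bookkeeping table and the replacement rules, are exercised together in the following added example. It is not the project's own ETL code: it uses an in-memory SQLite database as a stand-in for the warehouse (PostgreSQL types such as bigserial and timestamp become INTEGER and TEXT), assumes the PII tables are keyed by a user_id column, assumes the user_email_t column is named email (the table above leaves it blank), and reads "Redacted+UUID" as the literal string Redacted followed by a random UUID4. The sample rows are constructed.

```python
"""Added example: anonymize a user's PII and guard later backfills (SQLite stand-in)."""
import sqlite3
import uuid
from datetime import datetime, timezone

DOB_SENTINEL = "0001-01-01 00:00:00"

# table -> (PII column, function producing the replacement value).
# Table and column names are fixed constants, never user input, so interpolating
# them into SQL below is safe; user_id always travels as a bound parameter.
REPLACEMENTS = {
    "user_email_t": ("email", lambda: "Redacted"),  # column name is an assumption
    "user_display_name_t": ("display_name", lambda: "Redacted"),
    "user_date_of_birth_t": ("date_of_birth", lambda: DOB_SENTINEL),
    "payment_properties_t": ("external_user_number", lambda: "Redacted"),
    # thirdparty_uid is UNIQUE, so every row needs its own replacement value
    "thirdparty_account_t": ("thirdparty_uid", lambda: "Redacted+" + str(uuid.uuid4())),
}

SCHEMA = """
CREATE TABLE job_run_t (id INTEGER PRIMARY KEY);
CREATE TABLE user_t    (id INTEGER PRIMARY KEY);
CREATE TABLE user_email_t         (user_id INTEGER REFERENCES user_t(id), email TEXT);
CREATE TABLE user_display_name_t  (user_id INTEGER REFERENCES user_t(id), display_name TEXT);
CREATE TABLE user_date_of_birth_t (user_id INTEGER REFERENCES user_t(id), date_of_birth TEXT);
CREATE TABLE payment_properties_t (user_id INTEGER REFERENCES user_t(id), external_user_number TEXT);
CREATE TABLE thirdparty_account_t (user_id INTEGER REFERENCES user_t(id), thirdparty_uid TEXT UNIQUE);
CREATE TABLE gdpr_account_anonymized_t (
    id          INTEGER PRIMARY KEY,                      -- bigserial in PostgreSQL
    user_id     INTEGER NOT NULL REFERENCES user_t(id),
    job_run_id  INTEGER NOT NULL REFERENCES job_run_t(id),
    finished_ts TEXT    NOT NULL                          -- timestamp in PostgreSQL
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def is_anonymized(conn, user_id):
    row = conn.execute("SELECT 1 FROM gdpr_account_anonymized_t WHERE user_id = ?", (user_id,)).fetchone()
    return row is not None


def anonymize_user(conn, user_id, job_run_id):
    """Overwrite every PII column for user_id and record completion in one transaction.

    Returns False (and changes nothing) if the user was already anonymized.
    """
    if is_anonymized(conn, user_id):
        return False
    with conn:  # commit on success, roll back on any error: no half-redacted users
        for table, (column, make_value) in REPLACEMENTS.items():
            rowids = conn.execute(f"SELECT rowid FROM {table} WHERE user_id = ?", (user_id,)).fetchall()
            for (rowid,) in rowids:  # per row, so UUID-based replacements stay distinct
                conn.execute(f"UPDATE {table} SET {column} = ? WHERE rowid = ?", (make_value(), rowid))
        conn.execute(
            "INSERT INTO gdpr_account_anonymized_t (user_id, job_run_id, finished_ts) VALUES (?, ?, ?)",
            (user_id, job_run_id, datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")),
        )
    return True


def backfill_rows(conn, table, column, rows):
    """Backfill (user_id, value) rows from a source system, skipping anonymized users.

    The guard sits inside the INSERT itself, so a forgotten user's data cannot be
    resurrected even if a caller forgets to check. Returns the number of rows inserted.
    """
    inserted = 0
    with conn:
        for user_id, value in rows:
            cur = conn.execute(
                f"INSERT INTO {table} (user_id, {column}) SELECT ?, ? "
                "WHERE NOT EXISTS (SELECT 1 FROM gdpr_account_anonymized_t WHERE user_id = ?)",
                (user_id, value, user_id),
            )
            inserted += cur.rowcount
    return inserted


def seed_demo(conn):
    """Constructed sample data, not real users."""
    conn.execute("INSERT INTO job_run_t (id) VALUES (1)")
    conn.executemany("INSERT INTO user_t (id) VALUES (?)", [(42,), (43,)])
    conn.execute("INSERT INTO user_email_t VALUES (42, 'alice@example.com')")
    conn.execute("INSERT INTO user_display_name_t VALUES (42, 'alice')")
    conn.execute("INSERT INTO user_date_of_birth_t VALUES (42, '1990-05-17 00:00:00')")
    conn.execute("INSERT INTO payment_properties_t VALUES (42, 'PAY-0001')")
    conn.executemany("INSERT INTO thirdparty_account_t VALUES (?, ?)",
                     [(42, "steam:111"), (42, "xbox:222"), (43, "steam:333")])
    conn.commit()


if __name__ == "__main__":
    db = open_db()
    seed_demo(db)
    print("anonymized:", anonymize_user(db, 42, job_run_id=1))
    print(db.execute("SELECT * FROM thirdparty_account_t").fetchall())
    # A later backfill must not bring back the email of user 42; only user 43's row lands.
    print("backfilled:", backfill_rows(db, "user_email_t", "email",
                                        [(42, "alice@example.com"), (43, "bob@example.com")]))
```

Two design points carry over to the real warehouse: the redaction and the audit row are committed together, so a crash mid-run leaves either a fully anonymized user with a record or an untouched user with none, and the backfill guard is an anti-join against gdpr_account_anonymized_t inside the INSERT rather than a check in application code. In PostgreSQL the per-row loop for thirdparty_uid collapses to a single UPDATE using gen_random_uuid().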