Personal data anonymizer

Last updated on December 17, 2024

Overview

This document describes how we handle the GDPR right to erasure (right to be forgotten). In general, the flow is:

  1. Users can call the forget-me API directly in the player portal, or call the API in-game or from a website.

  2. The API generates a GDPR event, which indicates that the player wants to be forgotten.

  3. When the GDPR event is received, we erase the PII (personally identifiable information) by blocking out the current PII in our data warehouse.

Requirement

  • ETL schema version 1.5

Schema

We add a new table, gdpr_account_anonymized_t, that stores the IDs of users who have been anonymized. This table prevents their data from being re-inserted in the future, particularly during the backfill process.

gdpr_account_anonymized_t schema:

| Column name | Data Type | Nullable | Constraint | Relations | Comment |
|---|---|---|---|---|---|
| finished_ts | timestamp | no | | | when the data is completely anonymized |
| id | big serial | no | Primary Key | | auto-generated ID |
| job_run_id | big integer | no | Foreign Key | job_run_t | ETL job run ID |
| user_id | big integer | no | Foreign Key | user_t | user ID |

Personal data replacement is shown in the table below:

| Table name | Column name | Replacement |
|---|---|---|
| user_email_t | email | Redacted |
| user_display_name_t | display_name | Redacted |
| user_date_of_birth_t | date_of_birth | 0001-01-01 00:00:00 |
| payment_properties_t | external_user_number | Redacted |
| thirdparty_account_t | thirdparty_uid | Redacted+UUID |
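
The sketch below is an added example, not the project's own ETL code. It applies the replacement table to one user, records the user in gdpr_account_anonymized_t, and shows a backfill insert that skips anonymized users. Assumptions: an in-memory SQLite database stands in for the data warehouse, each PII table has a user_id column, the foreign keys to job_run_t and user_t are omitted, "Redacted+UUID" is read as the string Redacted followed by a random UUID, and the function names are hypothetical.

```python
import sqlite3
import uuid

# Replacement rules from the table above: table -> (column, replacement).
# Table and column names come only from this constant map, never from input.
REPLACEMENTS = {
    "user_email_t": ("email", "Redacted"),
    "user_display_name_t": ("display_name", "Redacted"),
    "user_date_of_birth_t": ("date_of_birth", "0001-01-01 00:00:00"),
    "payment_properties_t": ("external_user_number", "Redacted"),
    "thirdparty_account_t": ("thirdparty_uid", None),  # Redacted+UUID, built per user
}

def make_warehouse():
    """Constructed stand-in warehouse; the user_id column on PII tables is assumed."""
    db = sqlite3.connect(":memory:")
    for table, (column, _) in REPLACEMENTS.items():
        db.execute(f"CREATE TABLE {table} (user_id INTEGER NOT NULL, {column} TEXT)")
    db.execute("""CREATE TABLE gdpr_account_anonymized_t (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        job_run_id INTEGER NOT NULL,
        user_id INTEGER NOT NULL,
        finished_ts TEXT NOT NULL)""")
    return db

def anonymize_user(db, user_id, job_run_id):
    """Overwrite every PII column for user_id and record the erasure atomically."""
    with db:  # one transaction: the marker row exists only if all updates succeeded
        for table, (column, value) in REPLACEMENTS.items():
            if value is None:
                value = "Redacted" + str(uuid.uuid4())  # assumed reading of Redacted+UUID
            db.execute(f"UPDATE {table} SET {column} = ? WHERE user_id = ?",
                       (value, user_id))
        db.execute(
            "INSERT INTO gdpr_account_anonymized_t (job_run_id, user_id, finished_ts) "
            "VALUES (?, ?, datetime('now'))", (job_run_id, user_id))

def backfill_emails(db, rows):
    """Backfill guard: insert (user_id, email) rows unless the user was anonymized."""
    inserted = 0
    with db:
        for user_id, email in rows:
            cur = db.execute(
                "INSERT INTO user_email_t (user_id, email) SELECT ?, ? WHERE NOT EXISTS "
                "(SELECT 1 FROM gdpr_account_anonymized_t WHERE user_id = ?)",
                (user_id, email, user_id))
            inserted += cur.rowcount  # 0 when the guard suppressed the row
    return inserted
```

Putting the anonymized-user check inside the INSERT statement itself keeps the guard in the same statement as the write, so a backfill job cannot insert a row between a separate lookup and the insert.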

Flow

Flow diagram