Data Protection and historical data

I lend a hand on the unofficial API discord and I’ve had this question a few times in PMs and I don’t how to answer, I’m hoping a blue can give me an idea so I can disseminate (and link to this forum post).

How is historical data handled under the new data protection policies? I’m aware full profile data is expected to be deleted if not refreshed, but I think this example is slightly more specific.

Eg. WoWProgress has guild history, knowing what guild you used to be in would have been through an API query for data that is now stale for over 30 days, and with no ability to refresh the data of your old guilds (you’ve left them), does Blizzard expect that to be deleted and thus WoWProgress to lose that data?

If so, is it Blizzard’s intention there can never be a legal means to provide a full guild history on any website?


Edit

A practical example:

Let’s say you’ve got:

Cooldude is in Method and you do an api query to detect this.
…Some time later he changes guild…
Cooldude is in Limit and you do an api query to detect this.
… 30 days pass …

Can you list that Cooldude used to be in Method? The api data that gave you that information is now stale for 30 days+ even if Cooldude is still allowing his data to be queried.

I have a maybe-related question around the policy for characters who are still listed in their current guild roster, but who are 404 for individual queries. This could be for example an alt that has not logged in since the start of the new API valid period.

My code already deletes all their extended profile information on receiving the first 404. I could also delete the minimal information from the guild roster reply (i.e., name, level), only the effect of that is that I’d just end up re-scanning it the next time I got that guild roster again.

What I do for now is I leave just the skeletal information along with a “scanlock_id” which is a reason code for why I shouldn’t scan for that character even when I see it returned (or use it in any queries or present it in any way in my UI.)

My current placeholder policy is that scanlock expires in 30 days and so would try again once. This is all placeholder policy I haven’t really thought through. Anyway I’m open to any thoughts or objections?

Nice one, I have the same question. My use case is almost the same, I’m working on a group matching app to help players find good groups (and the other way around) in a broader way than it is currently possible in-game.

In order to do so I would need some player historical data (not tied only to a character but to an account), a few examples are to keep player recommendations, guild history and a user score.

In this particular case the most relevant data will be generated by players directly on my app, but tied to a bnet account. If I have to delete data every 30 days one can simply stay “off” for 30 days, wait for their data to be gone and re-authorize to begin with a clean score.

I know it’s the holidays just seeing if there’s any update?

If I recall correctly, this was answered by a blue a few months ago. If something comes up as invalid, ALL data regarding that something needs to be removed.

If my character (Example) was to… for privacy reasons, or because I deleted them… come up as invalid, WoWProgress would need to remove Example’s guild history, etc within 30 days.

That’s my understanding anyway.

This isn’t quite addressing the subtlety of the question.

Let’s say you’ve got:

Cooldude in Method and you do an api query to detect this.
…Some time later he changes guild…
Cooldude in Limit and you do an api query to detect this.
… 30 days pass …

Can you list that Cooldude used to be in Method? The api data that gave you that information is now stale for 30 days+ even if Cooldude is still allowing his data to be queried.

From Veltarii’s post
These points in particular:
2. What do you mean I have 30 days to “delete” or “refresh” data?

We value our players’ privacy and their right to determine what happens with their player data. By refreshing any retained data every 30 days, it allows the data to remain current and relevant. This ensures there is never out-of-date player data and provides an option for players to ask for their data to be hidden - if they so choose.

6. Instead of deleting player data, can I simply anonymize it?

Because there’s no defined threshold of anonymity, we don’t want to take the chance. We want all our players and developers to be as protected as possible. In short: please adhere as closely to the data lifespan of 30 days as possible.

Given the above, I believe that even if Cooldude allows his data to be queried, his current data states that he is in Limit and your old dataset which had him in Method is now out of date and no longer valid.

I think any data you obtain from the API should only have a life span of 30 days, any data older than that should be deleted and you should pretend it never existed.

Given the new data protection rules I would say that if they wanted us to know about any data older than 30 days they would give us particular endpoints such as the Mythic Keystone and PvP Leaderboards, these endpoints let you query data older than the 30 day rule.

Thats my take on it.

1 Like

@RIDDICK Which is why I think this is incredibly important to have a Blue answer to. It means no website, even with explicit user permission can ever provide a ‘verified’ guild history.

You may get faster answers in the Unofficial Discord (There is a blue that reads that)… but the truth is, the blues of this forum may have to talk to the higher ups about this if they were to change any of the rules to make allowances for that.

Howdy Developers!

Apologies for the delay in response. These laws are complicated and we want to make sure we provide the most accurate, concise response that we possibly can.

We appreciate your patience through all of this, and your feedback helps us highlight areas in which we can provide more information. We’ll update the FAQ once we have more to share!

Thanks ~

Thanks for the reply. It will be disappointing if you can’t provide a verified guild history for someone even with their permission.