I have checked the repository for duplicate issues.
What feature do you want to see added?
A robust system for automatically handling GDPR/COPPA retrieval requests.
Why do you want to have this feature?
Right now we are compliant, but only because we handle these requests manually through requests on the forums. This is fine for our current volume, but it's not ideal in the long run and it means that if anything happens to the limited number of people who can process these issues (for security reasons not everyone on the team can) then we would no longer be able to be compliant.
Any other details to share? (OPTIONAL)
Feature issue of #4, dedicated to the retrieval of user data.
Simply adding a "request data" button on the website is not sufficient in this case, as we have MANY servers now which all need to be able to consume these requests and react accordingly. The following high-level services are required to be accounted for in data retrievals:
Pretendo Network services as a whole
Account server (PNIDs, device info, etc.)
Game servers (of which there are many)
Non-game services (such as Juxtaposition)
Stripe (This isn't our service, how do we handle this?)
Discord (Remove linked roles?)
Forum (Anonymise accounts)
Since there are multiple places which need to process these requests, we need some system to be able to alert these services of the request. The first idea that comes to mind is a basic pub/sub system, where pressing the "request data" button on the website would publish a "gdpr retrieve" message. All relevant services would be listening for these messages and react accordingly. Though pub/sub is just one possibility, so long as all the relevant services are notified I don't think it super matters here (pub/sub, beaming requests through gRPC, whatever).
Once a service has finished processing the request, however, it should send the packaged user data to an aggregator, which will then send the user the data once all services have published their respective data. While this may be a bit slower, it avoids the issue of having each service send the data itself, which would result in a lot of spammy messages.
Note: It has been implied that the account server should be the home for these types of things, which I disagree with. I think the account server should just be a consumer of these requests, just like every other service. I think that's putting a lot of responsibility on the account server that it otherwise shouldn't have (and we've been trying to scale back the account server's responsibilities recently, like with the removal of the DataStore proxy).
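As an added example, not code from this issue or from any Pretendo Network service, the sketch below models the flow proposed above in Go: a published "gdpr retrieve" message is delivered to every subscribed service, each service hands its packaged data to an aggregator, and the aggregator releases the bundle only once every expected service has reported. The type and function names (RetrieveRequest, ServiceResult, Aggregator, Handler, Publish), the service names and the payloads are all this example's assumptions; a map of handlers stands in for the pub/sub topic and delivery is in-process and sequential, where a real deployment would use a broker.

```go
package main

import (
	"fmt"
	"sync"
)

// RetrieveRequest is the "gdpr retrieve" message published when a user presses "request data";
// ServiceResult is what one service hands back. Field names are this example's assumption.
type RetrieveRequest struct{ RequestID, PNID string }
type ServiceResult struct {
	RequestID, Service string
	Payload            []byte
}

// Aggregator tracks, per request, which services still owe a result and what has been
// collected; nothing is released to the user until every expected service has reported.
type Aggregator struct {
	mu      sync.Mutex
	pending map[string]map[string]bool   // requestID -> services not yet reported
	results map[string]map[string][]byte // requestID -> service -> payload
}

// Open registers a request with the full list of services that must answer it. That list is
// the completeness criterion: a silent service blocks the bundle instead of it going out short.
func (a *Aggregator) Open(requestID string, services []string) {
	a.mu.Lock()
	defer a.mu.Unlock()
	if a.pending == nil {
		a.pending, a.results = map[string]map[string]bool{}, map[string]map[string][]byte{}
	}
	a.pending[requestID], a.results[requestID] = map[string]bool{}, map[string][]byte{}
	for _, s := range services {
		a.pending[requestID][s] = true
	}
}

// Submit records one result and returns (bundle, true) once the last expected service has
// reported. Unknown requests, unexpected services and duplicates are rejected, so a replayed
// or stray message can never complete a request on its own.
func (a *Aggregator) Submit(r ServiceResult) (map[string][]byte, bool, error) {
	a.mu.Lock()
	defer a.mu.Unlock()
	waiting := a.pending[r.RequestID] // nil for an unknown request, so the check below rejects it
	if !waiting[r.Service] {
		return nil, false, fmt.Errorf("%s: not expected for request %q (unknown request, duplicate, or never subscribed)", r.Service, r.RequestID)
	}
	delete(waiting, r.Service)
	a.results[r.RequestID][r.Service] = r.Payload
	if len(waiting) > 0 {
		return nil, false, nil // still waiting on other services
	}
	bundle := a.results[r.RequestID]
	delete(a.pending, r.RequestID)
	delete(a.results, r.RequestID)
	return bundle, true, nil
}

// Handler is what a subscribed service runs on a retrieve message; a map of handlers keyed by
// service name stands in here for the subscribers of a pub/sub topic.
type Handler func(RetrieveRequest) ([]byte, error)

// Publish opens the request with the subscriber set as the expected set, delivers the message
// to each subscriber and feeds every result to the aggregator. Any failure yields an error
// naming the service and leaves the request open, so it can be retried rather than sent short.
func Publish(subs map[string]Handler, agg *Aggregator, req RetrieveRequest) (map[string][]byte, error) {
	expected := []string{}
	for s := range subs {
		expected = append(expected, s)
	}
	agg.Open(req.RequestID, expected)
	var bundle map[string][]byte
	var failures []string
	for name, h := range subs {
		payload, err := h(req)
		if err != nil {
			failures = append(failures, name+": "+err.Error())
		} else if out, done, err := agg.Submit(ServiceResult{req.RequestID, name, payload}); err != nil {
			failures = append(failures, err.Error())
		} else if done {
			bundle = out
		}
	}
	if len(failures) > 0 {
		return nil, fmt.Errorf("retrieval %s incomplete, nothing sent to the user: %v", req.RequestID, failures)
	}
	return bundle, nil
}

func main() {
	// Constructed demo: the account server answers, stripe fails, so nothing is released.
	subs := map[string]Handler{
		"account": func(r RetrieveRequest) ([]byte, error) { return []byte("pnid:" + r.PNID), nil },
		"stripe":  func(RetrieveRequest) ([]byte, error) { return nil, fmt.Errorf("upstream unavailable") },
	}
	_, err := Publish(subs, &Aggregator{}, RetrieveRequest{RequestID: "req-demo", PNID: "example-pnid"})
	fmt.Println(err)
}
```

The point of the design is the completeness check in Submit and the error path in Publish: a partial export is a compliance failure as much as a missing one, so the aggregator refuses to release anything until every service that was subscribed when the request was opened has reported, and it rejects duplicate or unexpected submissions so a replayed message cannot mark a request complete. In a real deployment the open requests left behind by a failure are what a deadline check or operator alert would key on.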
Made a comment related to this on #6. You could do basically the same thing here but instead of deleting it would be retrieving.
For example, to fetch a customer on stripe you would GET https://api.stripe.com/v1/customers/cus_123456 instead of DELETE.