Legality of user_id

kevintoner · 07-18-2023 03:14 PM

Hello guys,

Does anyone know the legality of using user_id in bigquery ?

With GDPR, I'm worried about any data which could be regarded as personal 😅

I am using it for a mobile game. In the game I don't record any personal information. The data logs i take are user actions in the game. The data will stay within the company. I want user_id so I can track the user actions for each play session

This is fine to do? Or do I need permissions or anything like that?

Thanks,

Kevin

ms4446

Under GDPR, personal data is any information that can be used to directly or indirectly identify a person. This can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

In your case, if the user_id you are using cannot be used to directly or indirectly identify a person, it may not be considered personal data under GDPR. However, if the user_id can be linked with other data to identify a person, it could be considered personal data.

kevintoner

Thank you for your response ms4464 😊

The user_id would only track user's within the one app. It wouldn't track users across multiple apps or anything like that.

The only information I have that might be regarded as personal is the data that BigQuery default records, the potentially most "personal" information would be the user's city and their device name.

None of the data from events I record is personal (e.g. quiz complete, question correct,...)

Considering that the information of concern comes from BigQuery, I was hoping there would be a readymade definitive answer from Google's side to let me know if I would need to do action in regards to legality of the stored data.

Could you check if any sort of readymade answer exists?

Thanks,

Kevin Toner

ms4446

Based on your description, it sounds like you're taking steps to minimize the personal data you're collecting, which is a good practice under GDPR. However, even seemingly non-personal data like device name and city can potentially be used to identify an individual, especially when combined with other data.

Google provides several resources that can guide you in understanding how to handle data in BigQuery in a GDPR-compliant manner. Here are some of them:

Overview of data security and governance | BigQuery - Google Cloud: This document provides an overview of the data governance practice that you should build around BigQuery. It includes a framework for defining, agreeing to, and enforcing data policies.
BigQuery data security and governance features | Google Cloud: This document summarizes the data security and governance features available in BigQuery. It includes concepts and overviews for securing resources with Identity and Access Management (IAM) and securing data.
GDPR and Google Cloud: This page provides information about GDPR in the context of Google Cloud. It explains the privacy legislation and lays out specific requirements and principles for the lawful processing of personal data.
BigQuery Admin reference guide: Data governance - Google Cloud: This guide provides information about data governance in BigQuery, including how to store metadata about tables and how to use labels for filtering data in Cloud Monitoring or in queries against the Information Schema.

Remember, while these resources can provide guidance, it's always a good idea to consult with a legal expert to ensure you're fully compliant with GDPR.