Riot Games reorganized and updated their privacy notice on April 14, 2026, consolidating sections and clarifying how personal information is collected and used. The main structural change combines collection and use information into one section and removes a separate section on purposes. The company also narrowed the scope of what third-party practices it disclaims responsibility for, changing from 'third parties we don't own or control' to 'third parties we don't control,' which could potentially broaden the types of entities Riot Games may have some operational relationship with while still disclaiming privacy responsibility.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or control,' replacing it with 'we don't control'—a distinction that may affect which entities the company is claiming it has no privacy responsibility for. For California residents, the notice now consolidates information about categories of personal information and their purposes into a single section rather than splitting them across the document. The practical implication depends on how Riot Games operationally interprets 'control' in relation to its business relationships and how California regulators view this language under CCPA notice requirements.
The narrowed third-party disclaimer may affect transparency about which companies have access to or share your data, particularly if Riot Games owns entities it does not fully control. For California residents, the restructured privacy notice may change how purposes for data collection are disclosed, potentially affecting clarity about how your information is used.
→ Users may not clearly understand which affiliated or related companies Riot Games shares data with or considers outside its privacy responsibility.
→ California residents may find it harder to identify specific purposes for which their data is collected due to the reorganized notice structure.
→ Consumers relying on Riot Games' third-party disclaimer to understand their privacy protections may be misled if the company now claims non-responsibility for entities it owns or has significant relationships with.
Removed 'we don't own or control' and retained 'we don't control,' narrowing which entities Riot Games explicitly disclaims privacy responsibility for.
Consolidated collection and use information into a single section for California residents, moving away from separate purposes listing in Section III.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Riot Games may now be claiming it is not responsible for practices by third parties it does not control, even if it owns them or has some other business relationship with them, whereas previously it disclaimed responsibility only for entities it neither owned nor controlled.
Riot Games materially revised the structure and scope of its privacy notice on April 14, 2026. The company consolidated sections on data collection and use, which may affect how the notice satisfies California Consumer Privacy Act notice-at-collection requirements and similar transparency obligations in other jurisdictions. More significantly, the company narrowed its third-party disclaimer by removing 'own or control' and retaining only 'control,' potentially shifting how much operational responsibility the company is willing to disclaim for affiliated or related entities. This language change may trigger review by privacy counsel to ensure the notice remains compliant with CCPA, GDPR (for EU users), and general FTC Act transparency standards, particularly if Riot Games has acquired companies, operates shared infrastructure, or maintains data processing arrangements with entities that are not wholly subsidiary but subject to Riot Games influence.
CCPA (California Consumer Privacy Act), GDPR (General Data Protection Regulation), FTC Act Section 5 (unfair or deceptive practices)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001275.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherRiot Games updated its privacy notice on May 6, 2026 to clarify that its U.S. entity is now called 'Riot …
Riot Games restructured its Privacy Notice on April 19, 2026, reorganizing how it describes data collection, use, and retention. The …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.