EA · EA Privacy and Cookie Policy

Open-Ended Data Retention

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

EA keeps your personal data for as long as it needs to run its services, and can hold onto it even longer for vague 'operational or other legitimate reasons' without specifying any time limits.

Consumer impact (what this means for users)

EA does not commit to specific retention periods for any category of personal data it collects, meaning your gaming history, voice communications, device fingerprints, and purchase records could be retained indefinitely under the 'legitimate reasons' carve-out.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Submit a data deletion request through EA's privacy rights portal. Navigate to the 'Your Choices and Controls' or 'Contact Us' section of EA's privacy policy page and follow the instructions to submit a deletion request for your personal data.

Cross-platform context

See how other platforms handle Open-Ended Data Retention and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Without specific retention periods for each data category, consumers cannot know how long EA holds their most sensitive information — such as voice recordings, device fingerprints, or gameplay data — and cannot effectively exercise deletion rights.

View original clause language
We retain the information we collect for as long as necessary to provide our Services, and we may retain that information beyond that period if necessary for legal, operational, or other legitimate reasons.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates GDPR Art. 5(1)(e) (storage limitation principle — data must be kept 'no longer than necessary' and specific retention periods must be established and documented); GDPR Art. 13(2)(a) (obligation to inform data subjects of retention periods or criteria used to determine them); CCPA/CPRA §1798.100(a)(3) (right to know retention periods); and UK GDPR Art. 5(1)(e). The ICO, EU/EEA DPAs, and California AG hold enforcement authority.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC has jurisdiction over EA Inc. US's data retention practices as part of its broader authority over unfair or deceptive acts under FTC Act Section 5 and DPF compliance.
    File a complaint →
  • State AG
    California AG enforces CPRA's data retention disclosure requirements (§1798.100) for California residents, including the right to know how long personal information is retained.
    File a complaint →

Provision details

Document information
Document
EA Privacy and Cookie Policy
Entity
EA
Document last updated
April 29, 2026
Tracking information
First tracked
March 20, 2026
Last verified
April 28, 2026
Record ID
CA-P-003682
Document ID
CA-D-00306
Evidence Provenance
Source URL
https://tos.ea.com/legalapp/WEBPRIVACY/US/en/PC/
Wayback Machine
View archived versions →
SHA-256
6ef6b6ee185c651b01773460745644b56ff636b96bffeda4b0f814ee02ec3cac
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: EA | Document: EA Privacy and Cookie Policy | Record: CA-P-003682
Captured: 2026-03-20 04:18:30 UTC | SHA-256: 6ef6b6ee185c651b…
URL: https://conductatlas.com/platform/ea/ea-privacy-and-cookie-policy/open-ended-data-retention/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document