Riot uses your gameplay habits, preferences, and device data to serve you personalized ads, and shares relevant data with third-party advertising companies to do this.
This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your in-game behavior and device profile are being used to build an advertising profile shared with external partners, which extends data use beyond what many players would expect from a gaming account.
Interpretive note: The notice references opt-out rights without specifying the complete mechanism for all jurisdictions, and does not enumerate advertising partners or the specific data fields shared with them, leaving the precise scope of sharing unclear.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or control,' replacing it with 'we don't control'—a distinction that may affect which entities the company is claiming it has no privacy responsibility for. For California residents, the notice now consolidates information about categories of personal information and their purposes into a single section rather than splitting them across the document. The practical implication depends on how Riot Games operationally interprets 'control' in relation to its business relationships and how California regulators view this language under CCPA notice requirements.
View change record →Gameplay behavior, device identifiers, and preference data may be shared with third-party advertising partners to enable targeted advertising. California residents and EU users have opt-out or objection rights; users in other jurisdictions should review what choices Riot makes available through the privacy request portal.
How other platforms handle this
We may share this information with ad networks and other advertising partners for the purpose of cross-context behavioral advertising. We may also share this information with other trusted partners, including those that enable you to access offers or promotions by linking or connecting your Grubhub ...
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
Sending you information about Adobe products and services, special offers and similar information, and sharing your information with third parties for their own marketing purposes, where your consent is not required; In some cases, in order to show you more relevant ads, we disclose with social medi...
Monitoring
Riot Games has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We and our third-party partners, including advertising partners, may use the information we collect from you, including information about your gameplay, preferences, and device, to provide you with targeted advertising both within and outside of our Services. We may share data with advertising partners to facilitate this. You may have rights to opt out of certain uses of your data for advertising purposes, depending on where you live.— Excerpt from Riot Games's Riot Games Privacy Notice
REGULATORY LANDSCAPE: Sharing behavioral and device data with advertising partners engages CCPA/CPRA's 'sale' and 'sharing' definitions, which require opt-out mechanisms including honoring Global Privacy Control signals. GDPR requires either consent or legitimate interests balancing for behavioral advertising; the Article 29 Working Party (now EDPB) has issued guidance indicating that behavioral advertising typically requires consent rather than legitimate interests. The FTC's enforcement posture on behavioral advertising has emphasized transparency and consumer control. GOVERNANCE EXPOSURE: Medium. The notice discloses advertising data sharing and references opt-out rights for applicable users, which represents a baseline compliance posture. However, the notice does not enumerate which specific advertising partners receive data, nor does it specify which data fields are shared, which may not satisfy GDPR's transparency requirements. The reference to opt-out rights being available 'depending on where you live' may create compliance gaps in jurisdictions not explicitly addressed. JURISDICTION FLAGS: California residents have CPRA rights to opt out of sharing for cross-context behavioral advertising. EU/EEA users should have consent-based mechanisms for behavioral advertising under the ePrivacy Directive and GDPR. UK users are subject to UK GDPR and ICO guidance on adtech. The Brazilian LGPD also imposes consent requirements for certain advertising data processing. CONTRACT AND VENDOR IMPLICATIONS: Advertising partner contracts should include data processing agreements specifying permissible use of shared data, particularly given CPRA's contractual requirements for data sharing relationships. Third-party advertising partners receiving data about users who may be minors create heightened obligations under COPPA and CCPA's provisions on minors' data. COMPLIANCE CONSIDERATIONS: A full audit of the advertising partner ecosystem, including the specific data points shared and the contractual basis for each sharing relationship, is warranted. Consent management platform (CMP) implementation should be reviewed to confirm that opt-out signals including GPC are being honored as stated. The notice should be reviewed to confirm that the 'do not sell or share' mechanism is clearly accessible, particularly on mobile platforms.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your in-game behavior and device profile are being used to build an advertising profile shared with external partners, which extends data use beyond what many players would expect from a gaming account.
Gameplay behavior, device identifiers, and preference data may be shared with third-party advertising partners to enable targeted advertising. California residents and EU users have opt-out or objection rights; users in other jurisdictions should review what choices Riot makes available through the privacy request portal.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.