Riot can change this privacy policy at any time and treats your continued use of its services as acceptance of the new terms, though it says it will notify you of material changes.
This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Acceptance of updated privacy terms by continued use rather than explicit re-consent means that changes to data practices take effect without requiring your affirmative agreement, which is significant if material changes expand data collection or sharing.
Interpretive note: The enforceability of deemed acceptance through continued use for material changes to data practices may be limited under GDPR where consent is the lawful basis for specific processing; applicable law in the user's jurisdiction determines whether this formulation is effective.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or control,' replacing it with 'we don't control'—a distinction that may affect which entities the company is claiming it has no privacy responsibility for. For California residents, the notice now consolidates information about categories of personal information and their purposes into a single section rather than splitting them across the document. The practical implication depends on how Riot Games operationally interprets 'control' in relation to its business relationships and how California regulators view this language under CCPA notice requirements.
View change record →If Riot updates its privacy policy, continuing to use its services is treated as acceptance of the new terms. Users who want to stay informed should watch for policy update notifications and review changes before deciding whether to continue using Riot's services.
How other platforms handle this
enableGpcSdk: true, gpcSetting: { privacyPolicyLink: '/Privacy-Security-Policy-a-282.html' }
We process Global Privacy Control signals as opt-out requests for the sale or sharing of personal information.
The Service is intended for general audiences and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your cons...
Monitoring
Riot Games has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may update this Privacy Notice from time to time. If we make material changes, we will notify you by posting a notice on our website or by other means, such as email. Your continued use of our Services after we post an updated Privacy Notice constitutes your acceptance of the updated terms.— Excerpt from Riot Games's Riot Games Privacy Notice
REGULATORY LANDSCAPE: GDPR requires that where processing is based on consent, material changes to data practices require fresh consent rather than deemed acceptance through continued use. The 'continued use equals acceptance' formulation may not satisfy GDPR's consent standard for changes to consent-based processing. Under CCPA, material changes to privacy practices may require updated notices at or before the point of collection. The FTC has taken action against companies that materially changed data practices without adequate notice. GOVERNANCE EXPOSURE: Medium. The provision is standard industry language but creates tension with GDPR's requirements where consent is the lawful basis for certain processing. If Riot relies on legitimate interests rather than consent for most processing, the tension is reduced, but for processing that does require consent (e.g. certain advertising uses), material policy changes would require re-consent mechanisms rather than deemed acceptance. JURISDICTION FLAGS: EU/EEA users retain rights under GDPR regardless of deemed acceptance clauses; material changes to consent-based processing require fresh consent in the EU. California users must receive notice of material changes. UK GDPR mirrors the EU position. Where changes affect children's data processing, additional consent obligations may apply. CONTRACT AND VENDOR IMPLICATIONS: B2B customers relying on Riot's privacy commitments in vendor assessments should monitor for policy changes and assess whether material changes require contract amendments or new DPAs. Enterprise procurement policies may require notification of vendor privacy policy changes. COMPLIANCE CONSIDERATIONS: The company should confirm that its notification mechanism for material changes (email or website posting) is technically implemented and reaches all active users. For EU users, the mechanism for obtaining fresh consent for material changes to consent-based processing should be specified. A policy change log or version history should be maintained and accessible to users.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Acceptance of updated privacy terms by continued use rather than explicit re-consent means that changes to data practices take effect without requiring your affirmative agreement, which is significant if material changes expand data collection or sharing.
If Riot updates its privacy policy, continuing to use its services is treated as acceptance of the new terms. Users who want to stay informed should watch for policy update notifications and review changes before deciding whether to continue using Riot's services.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.