Riot's services are not intended for users under 16 (or 13 in the US), and if Riot discovers it has collected data from a child below the threshold without parental consent, it says it will delete that data.
This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Riot's games are widely played by players under 16, and the age-based data practices and parental consent requirements are legally significant. The policy's reliance on users self-reporting their age, without verified age-gating mechanisms, may create practical compliance gaps.
Interpretive note: The notice does not describe the specific mechanisms used to verify parental consent or to enforce age restrictions at registration, making it difficult to assess whether the stated practices satisfy COPPA's verifiable parental consent standard.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or co…
Children under 13 in the US (or 16 in the EU) are technically not permitted to use Riot services without parental consent, but the practical enforcement of this restriction depends on self-reported age at registration. Parents of underage players should be aware that their child's gameplay, behavioral, and communication data may have been collected.
How other platforms handle this
Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information.
Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete such information. In some juris...
The Service is not directed to children under the age of 13. If you are under 13 years of age, please do not use or access the Service at any time or in any manner. If we learn that personally identifiable information has been collected on the Service from persons under 13 years of age and without v...
Monitoring
Riot Games has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Our Services are not directed to children under the age of 16 (or under the age of 13 in the United States). We do not knowingly collect personal data from children under these ages without obtaining verifiable parental consent where required by applicable law. If we become aware that we have collected personal data from a child under the applicable age limit without parental consent, we will take steps to delete that information.— Excerpt from Riot Games's Riot Games Privacy Notice
REGULATORY LANDSCAPE: COPPA (Children's Online Privacy Protection Act), enforced by the FTC, applies to online services that knowingly collect personal information from children under 13 in the US. The EU's GDPR Article 8 sets the age of digital consent at 16 (with member state discretion to lower it to 13). The UK Children's Code (Age Appropriate Design Code) imposes additional obligations for services likely to be accessed by children. The FTC has brought enforcement actions against gaming companies for inadequate age verification and unlawful collection of children's data. GOVERNANCE EXPOSURE: High. Riot's games, including League of Legends and Valorant, have substantial under-16 player bases globally. The policy's age threshold relies on self-reported registration data without describing verified parental consent mechanisms, which may not satisfy COPPA's 'verifiable parental consent' requirement. The collection of voice communications from minors is particularly sensitive under COPPA and equivalent frameworks. JURISDICTION FLAGS: US (COPPA, FTC enforcement); EU/EEA (GDPR Article 8, national implementations); UK (Children's Code, ICO enforcement); California (CCPA provisions on minors under 16, which restrict sharing of minors' data without opt-in consent). Any jurisdiction where Riot's games are marketed to or foreseeably used by minors creates exposure. CONTRACT AND VENDOR IMPLICATIONS: Third-party advertising partners receiving data should be contractually prohibited from using any data that may originate from minors. Parental consent verification vendors, if used, should be assessed for adequacy. The policy should be reviewed against COPPA's direct notice and verifiable consent requirements. COMPLIANCE CONSIDERATIONS: A DPIA focused on child user data flows is warranted. Age verification mechanisms should be audited for COPPA compliance, including whether the 'knowingly collect' standard is adequately operationalized through registration flows. Advertising data sharing practices should be suspended or restricted for any user who may be under the applicable age threshold. Legal teams should assess whether the UK Children's Code applies given Riot's market presence in the UK.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Riot's games are widely played by players under 16, and the age-based data practices and parental consent requirements are legally significant. The policy's reliance on users self-reporting their age, without verified age-gating mechanisms, may create practical compliance gaps.
Children under 13 in the US (or 16 in the EU) are technically not permitted to use Riot services without parental consent, but the practical enforcement of this restriction depends on self-reported age at registration. Parents of underage players should be aware that their child's gameplay, behavioral, and communication data may have been collected.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.