Riot's services are not intended for users under 16 (or 13 in the US), and if Riot discovers it has collected data from a child below the threshold without parental consent, it says it will delete that data.
This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Riot's games are widely played by players under 16, and the age-based data practices and parental consent requirements are legally significant. The policy's reliance on users self-reporting their age, without verified age-gating mechanisms, may create practical compliance gaps.
Interpretive note: The notice does not describe the specific mechanisms used to verify parental consent or to enforce age restrictions at registration, making it difficult to assess whether the stated practices satisfy COPPA's verifiable parental consent standard.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or control,' replacing it with 'we don't control'—a distinction that may affect which entities the company is claiming it has no privacy responsibility for. For California residents, the notice now consolidates information about categories of personal information and their purposes into a single section rather than splitting them across the document. The practical implication depends on how Riot Games operationally interprets 'control' in relation to its business relationships and how California regulators view this language under CCPA notice requirements.
View change record →Children under 13 in the US (or 16 in the EU) are technically not permitted to use Riot services without parental consent, but the practical enforcement of this restriction depends on self-reported age at registration. Parents of underage players should be aware that their child's gameplay, behavioral, and communication data may have been collected.
How other platforms handle this
The Service is intended for general audiences and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your cons...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Riot Games has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our Services are not directed to children under the age of 16 (or under the age of 13 in the United States). We do not knowingly collect personal data from children under these ages without obtaining verifiable parental consent where required by applicable law. If we become aware that we have collected personal data from a child under the applicable age limit without parental consent, we will take steps to delete that information.— Excerpt from Riot Games's Riot Games Privacy Notice
REGULATORY LANDSCAPE: COPPA (Children's Online Privacy Protection Act), enforced by the FTC, applies to online services that knowingly collect personal information from children under 13 in the US. The EU's GDPR Article 8 sets the age of digital consent at 16 (with member state discretion to lower it to 13). The UK Children's Code (Age Appropriate Design Code) imposes additional obligations for services likely to be accessed by children. The FTC has brought enforcement actions against gaming companies for inadequate age verification and unlawful collection of children's data. GOVERNANCE EXPOSURE: High. Riot's games, including League of Legends and Valorant, have substantial under-16 player bases globally. The policy's age threshold relies on self-reported registration data without describing verified parental consent mechanisms, which may not satisfy COPPA's 'verifiable parental consent' requirement. The collection of voice communications from minors is particularly sensitive under COPPA and equivalent frameworks. JURISDICTION FLAGS: US (COPPA, FTC enforcement); EU/EEA (GDPR Article 8, national implementations); UK (Children's Code, ICO enforcement); California (CCPA provisions on minors under 16, which restrict sharing of minors' data without opt-in consent). Any jurisdiction where Riot's games are marketed to or foreseeably used by minors creates exposure. CONTRACT AND VENDOR IMPLICATIONS: Third-party advertising partners receiving data should be contractually prohibited from using any data that may originate from minors. Parental consent verification vendors, if used, should be assessed for adequacy. The policy should be reviewed against COPPA's direct notice and verifiable consent requirements. COMPLIANCE CONSIDERATIONS: A DPIA focused on child user data flows is warranted. Age verification mechanisms should be audited for COPPA compliance, including whether the 'knowingly collect' standard is adequately operationalized through registration flows. Advertising data sharing practices should be suspended or restricted for any user who may be under the applicable age threshold. Legal teams should assess whether the UK Children's Code applies given Riot's market presence in the UK.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Riot's games are widely played by players under 16, and the age-based data practices and parental consent requirements are legally significant. The policy's reliance on users self-reporting their age, without verified age-gating mechanisms, may create practical compliance gaps.
Children under 13 in the US (or 16 in the EU) are technically not permitted to use Riot services without parental consent, but the practical enforcement of this restriction depends on self-reported age at registration. Parents of underage players should be aware that their child's gameplay, behavioral, and communication data may have been collected.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.