This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes the operational framework under which Riot Games processes personal information across jurisdictions with varying regulatory requirements. Standard Contractual Clauses create a contractual basis for lawful international transfer where adequacy decisions do not exist, addressing the legal requirements imposed by EEA, UK, and Swiss data protection regimes.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or control,' replacing it with 'we don't control'—a distinction that may affect which entities the company is claiming it has no privacy responsibility for. For California residents, the notice now consolidates information about categories of personal information and their purposes into a single section rather than splitting them across the document. The practical implication depends on how Riot Games operationally interprets 'control' in relation to its business relationships and how California regulators view this language under CCPA notice requirements.
View change record →Users' personal information may be processed, stored, and accessed by Riot Games in countries outside their home jurisdiction, with data protection obligations determined by the laws of the destination country rather than the user's origin country. The terms specify that safeguard mechanisms apply to transfers from specific jurisdictions, establishing the legal structure under which this processing occurs.
How other platforms handle this
Epic Games, Inc. is headquartered in Cary, North Carolina. We and our subsidiaries have offices and operations located around the world that help create and deliver some of your favorite products and services, including games like Fortnite and developer tools like Unreal Engine.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, please note that we transfer your personal data to countries outside of these regions, including the United States, which may not provide the same level of data protection as your home country. We rely on app...
Canva is headquartered in Australia, and the Service is operated from Australia. If you are located in the European Economic Area, the United Kingdom, or other regions with laws governing data collection and use, please note that your information may be transferred to and processed in countries that...
Monitoring
Riot Games has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Riot Games is based in the United States, and we may transfer your personal information to countries outside of your home country, including to the United States, which may have different data protection laws than your home country. When we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to other countries, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.— Excerpt from Riot Games's Riot Games Privacy Notice
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes the operational framework under which Riot Games processes personal information across jurisdictions with varying regulatory requirements. Standard Contractual Clauses create a contractual basis for lawful international transfer where adequacy decisions do not exist, addressing the legal requirements imposed by EEA, UK, and Swiss data protection regimes.
Users' personal information may be processed, stored, and accessed by Riot Games in countries outside their home jurisdiction, with data protection obligations determined by the laws of the destination country rather than the user's origin country. The terms specify that safeguard mechanisms apply to transfers from specific jurisdictions, establishing the legal structure under which this processing occurs.
ConductAtlas has identified this type of provision across 85 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.