Riot shares your data with a wide range of outside companies including analytics providers, customer support vendors, advertising partners, and potentially acquirers in a business transaction.
This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Data shared in connection with a business transaction such as a merger or acquisition may reach new parties under different privacy frameworks, and users typically have limited ability to prevent this type of transfer.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or control,' replacing it with 'we don't control'—a distinction that may affect which entities the company is claiming it has no privacy responsibility for. For California residents, the notice now consolidates information about categories of personal information and their purposes into a single section rather than splitting them across the document. The practical implication depends on how Riot Games operationally interprets 'control' in relation to its business relationships and how California regulators view this language under CCPA notice requirements.
View change record →Your personal data may be shared with a broad range of third parties beyond Riot itself, including external advertising and analytics companies, and could be transferred to a new owner if Riot is acquired. Users have limited practical control over business transaction transfers, though they retain deletion and access rights under applicable law.
How other platforms handle this
We may share your personal information with third parties in the following circumstances: With service providers who perform services on our behalf, such as data analytics, marketing, customer service, and technology services. With financial partners, including banks, brokerage firms, and payment pr...
We may share your information with third parties that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with business partners who offer products or services that...
We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.
Monitoring
Riot Games has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We share your personal data with third parties in the following circumstances: with service providers who help us deliver our Services, such as hosting, analytics, customer support, and fraud prevention; with advertising and marketing partners to help us deliver relevant advertisements; with other companies in the Riot group of companies; in connection with a merger, acquisition, or sale of assets; and when required by law or to protect rights and safety.— Excerpt from Riot Games's Riot Games Privacy Notice
REGULATORY LANDSCAPE: Third-party data sharing engages GDPR Article 28 (processor relationships) and Article 26 (joint controllers) depending on the nature of the relationship. CCPA/CPRA regulates 'selling' and 'sharing' personal information with third parties for commercial purposes. FTC guidance on data broker practices applies to analytics and advertising partners receiving Riot user data. M&A data transfers may require regulatory notification or consent mechanisms in some jurisdictions. GOVERNANCE EXPOSURE: Medium. The notice provides a categorical rather than specific enumeration of third parties, which is common industry practice but may not satisfy GDPR's transparency requirements for processor and sub-processor disclosure. The inclusion of M&A transfers without a consent mechanism or opt-out right is standard but limits consumer control in a material transaction scenario. JURISDICTION FLAGS: California residents have CPRA rights to know which categories of third parties receive their data. EU users have rights to obtain information about recipients under GDPR Article 15. The breadth of sharing with advertising partners may require evaluation under the ePrivacy Directive in EU jurisdictions. CONTRACT AND VENDOR IMPLICATIONS: Organizations integrating Riot services into enterprise environments should assess whether Riot's data processor agreements with sub-processors are available and adequate. M&A due diligence should account for Riot's data sharing obligations and whether acquirer privacy practices are compatible with Riot's stated commitments. COMPLIANCE CONSIDERATIONS: A vendor risk assessment covering the third-party ecosystem referenced in the notice is recommended. CCPA compliance teams should verify whether the opt-out of sale and sharing mechanism covers all advertising partner relationships. Legal teams should assess whether M&A transfer provisions include privacy continuity commitments for existing users.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Data shared in connection with a business transaction such as a merger or acquisition may reach new parties under different privacy frameworks, and users typically have limited ability to prevent this type of transfer.
Your personal data may be shared with a broad range of third parties beyond Riot itself, including external advertising and analytics companies, and could be transferred to a new owner if Riot is acquired. Users have limited practical control over business transaction transfers, though they retain deletion and access rights under applicable law.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.