If you live in the EU, UK, or California, you have the right to access, correct, delete, or export your personal data, and in some cases to object to or restrict how it is processed.
This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision operationalizes Riot Games' obligation to recognize and facilitate statutory data subject rights across multiple regulatory regimes, establishing the framework through which users may exercise jurisdiction-specific protections regarding their personal data.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or control,' replacing it with 'we don't control'—a distinction that may affect which entities the company is claiming it has no privacy responsibility for. For California residents, the notice now consolidates information about categories of personal information and their purposes into a single section rather than splitting them across the document. The practical implication depends on how Riot Games operationally interprets 'control' in relation to its business relationships and how California regulators view this language under CCPA notice requirements.
View change record →Eligible users can request a copy of their data, ask for it to be deleted, or opt out of certain types of processing by contacting Riot through their privacy portal. You can submit a data rights request at https://www.riotgames.com/en/privacy-notice.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Riot Games has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Based on your jurisdiction, you may have some or all the rights listed below and/or any other rights available to you in accordance with applicable laws: Access, Correction, Deletion, Restriction, Data portability, Objection, Right to withdraw consent, Right related to cross-border transfers.— Excerpt from Riot Games's Riot Games Privacy Notice
Riot must fulfill data subject access requests (DSARs) within legally mandated timeframes — 30 days under GDPR (extendable to 3 months) and 45 days under CCPA. Non-compliance with DSAR obligations is an enforcement priority for EU data protection authorities and the California Privacy Protection Agency (CPPA).
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision operationalizes Riot Games' obligation to recognize and facilitate statutory data subject rights across multiple regulatory regimes, establishing the framework through which users may exercise jurisdiction-specific protections regarding their personal data.
Eligible users can request a copy of their data, ask for it to be deleted, or opt out of certain types of processing by contacting Riot through their privacy portal. You can submit a data rights request at https://www.riotgames.com/en/privacy-notice.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.