What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://www.riotgames.com/en/privacy-notice', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': "Go to Riot Games' privacy notice page and locate the data subject rights request form. Select the type of request (access, deletion, export, correction) and submit the form. Riot is required to respond within legally mandated timeframes depending on your jurisdiction.", 'deadline_days': None, 'deadline_hours': None} {'method': 'WEB_FORM', 'recipient': 'https://www.riotgames.com/en/privacy-notice', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'Visit the Riot Games privacy notice page and use the data portability request option to request a copy of your personal data in a machine-readable format.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': "California's AG and CPPA enforce CCPA/CPRA data subject rights including access and deletion obligations.", 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Data Subject Rights (EU/UK/California) clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Data Subject Rights (EU/UK/California) clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Data Subject Rights (EU/UK/California) — Riot Games

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Riot Games Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

If you live in the EU, UK, or California, you have the right to access, correct, delete, or export your personal data, and in some cases to object to or restrict how it is processed.

ⓘ

This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The provision operationalizes Riot Games' obligation to recognize and facilitate statutory data subject rights across multiple regulatory regimes, establishing the framework through which users may exercise jurisdiction-specific protections regarding their personal data.

Recent Activity

This document changed recently

Medium Apr 14, 2026

Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or control,' replacing it with 'we don't control'—a distinction that may affect which entities the company is claiming it has no privacy responsibility for. For California residents, the notice now consolidates information about categories of personal information and their purposes into a single section rather than splitting them across the document. The practical implication depends on how Riot Games operationally interprets 'control' in relation to its business relationships and how California regulators view this language under CCPA notice requirements.

View change record →

Consumer impact (what this means for users)

Eligible users can request a copy of their data, ask for it to be deleted, or opt out of certain types of processing by contacting Riot through their privacy portal. You can submit a data rights request at https://www.riotgames.com/en/privacy-notice.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Go to Riot Games' privacy notice page and locate the data subject rights request form. Select the type of request (access, deletion, export, correction) and submit the form. Riot is required to respond within legally mandated timeframes depending on your jurisdiction.
Export Your Data

Visit the Riot Games privacy notice page and use the data portability request option to request a copy of your personal data in a machine-readable format.

How other platforms handle this

Notion Medium

Depending on where you live, you may have certain rights regarding your personal information. For example, you may have the right to: Access your personal information; Correct inaccurate personal information; Request deletion of your personal information; Object to or restrict processing of your per...

Mistral AI Medium

Customer shall: Comply with its obligations under the Applicable Data Protection Law regarding the Processing and any instruction provided to Mistral AI, Provide notice and obtain all consents and rights required by the Applicable Data Protection Law for Mistral AI to Process Personal Data as part o...

Microsoft Azure Medium

You can request access to, erasure of, and updates to your personal data. If you'd like to port your data elsewhere, you can use tools Microsoft provides to do so, or if none are available, you can contact Microsoft for assistance.

See all platforms with this clause type →

Monitoring

Riot Games has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Based on your jurisdiction, you may have some or all the rights listed below and/or any other rights available to you in accordance with applicable laws: Access, Correction, Deletion, Restriction, Data portability, Objection, Right to withdraw consent, Right related to cross-border transfers.

— Excerpt from Riot Games's Riot Games Privacy Notice

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

Riot must fulfill data subject access requests (DSARs) within legally mandated timeframes — 30 days under GDPR (extendable to 3 months) and 45 days under CCPA. Non-compliance with DSAR obligations is an enforcement priority for EU data protection authorities and the California Privacy Protection Agency (CPPA).

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

State AG

California's AG and CPPA enforce CCPA/CPRA data subject rights including access and deletion obligations.
File a complaint →

Applicable regulations

CCPA/CPRA

California, USA

COPPA

United States Federal

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

FTC Act Section 5

United States Federal

GDPR

European Union

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

Universal Opt-Out Mechanism Expansion 2026

VPPA

United States Federal

Provision details

Document information

Document

Riot Games Privacy Notice

Entity

Riot Games

Document last updated

May 5, 2026

Tracking information

First tracked

March 20, 2026

Last verified

March 20, 2026

Record ID

CA-P-001565

Document ID

CA-D-00310

Evidence Provenance

Source URL

https://www.riotgames.com/en/privacy-notice

Wayback Machine

View archived versions →

Content hash (SHA-256)

39702142b1ff9de41afd68c3620684a1be0bc3bef47100050658a43adbd5eca3

Analysis generated

March 20, 2026 11:13 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Riot Games
Document: Riot Games Privacy Notice
Record ID: CA-P-001565
Captured: 2026-03-20 11:13:03 UTC
SHA-256: 39702142b1ff9de4…
URL: https://conductatlas.com/platform/riot-games/riot-games-privacy-notice/data-subject-rights-euukcalifornia/
Accessed: May 20, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Kernel-Level Anti-Cheat Data Collection high
Third-Party Advertising Data Sharing high
International Data Transfers medium
Children's and Minors' Data high
Gameplay Telemetry and Behavioral Data Collection medium
Data Retention Policy medium

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Riot Games's Data Subject Rights (EU/UK/California) clause do?

How does this clause affect you?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.

Is ConductAtlas affiliated with Riot Games?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.