Depending on your location, you have rights to access, correct, delete, or move your data, and you can exercise those rights by submitting a request through Riot's online privacy portal.
This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Knowing how to exercise your data rights is practically important, and Riot's provision of a dedicated portal is a meaningful consumer-facing mechanism for submitting requests.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or co…
You can access, correct, or request deletion of your personal data through Riot's privacy portal. The availability of specific rights depends on your jurisdiction; EU, UK, and California users have the broadest set of rights under GDPR and CCPA respectively.
How other platforms handle this
In addition to the above rights, your local laws (including those in the EU, UK, Japan, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia, or Utah) may afford you f...
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...
Monitoring
Riot Games has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Depending on where you live, you may have certain rights with respect to your personal data, including the right to access, correct, delete, or restrict the processing of your personal data; the right to data portability; the right to object to processing; and the right to withdraw consent. To exercise these rights, please submit a request through our privacy request portal at https://privacyrequest.riotgames.com. We will respond to your request in accordance with applicable law.— Excerpt from Riot Games's Riot Games Privacy Notice
REGULATORY LANDSCAPE: GDPR Articles 15-22 codify data subject rights including access, rectification, erasure, restriction, portability, and objection. CCPA/CPRA provides California residents rights to know, delete, correct, and opt out of sale or sharing. UK GDPR mirrors EU GDPR rights. LGPD provides similar rights for Brazilian users. The notice's conditional framing ('depending on where you live') is standard but should be evaluated against whether rights are actually implemented across all applicable jurisdictions. GOVERNANCE EXPOSURE: Low to Medium. The provision of a dedicated privacy request portal is consistent with GDPR and CCPA compliance posture. The response timeframe is not specified in the quoted text ('in accordance with applicable law'), which under GDPR is one month (extendable to three). The adequacy of identity verification mechanisms used by the portal for fulfilling requests should be assessed. JURISDICTION FLAGS: EU users have 30-day response rights under GDPR. California residents have 45-day response rights under CCPA. UK users have GDPR-equivalent rights. The notice does not specify separate mechanisms for users in jurisdictions without explicit statutory rights frameworks, which may create inconsistency in how requests are handled globally. CONTRACT AND VENDOR IMPLICATIONS: B2B customers should assess whether Riot's privacy request process can accommodate data subject rights requests that flow through employer-mediated service relationships. The portal's ability to handle bulk requests or requests on behalf of minors should be evaluated. COMPLIANCE CONSIDERATIONS: The privacy request portal should be audited for response time compliance across all applicable jurisdictions. Identity verification steps should be reviewed to ensure they do not create unreasonable barriers to rights exercise while also preventing unauthorized deletion requests. Records of rights requests and responses should be maintained as required by GDPR Article 30 and CCPA recordkeeping requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Knowing how to exercise your data rights is practically important, and Riot's provision of a dedicated portal is a meaningful consumer-facing mechanism for submitting requests.
You can access, correct, or request deletion of your personal data through Riot's privacy portal. The availability of specific rights depends on your jurisdiction; EU, UK, and California users have the broadest set of rights under GDPR and CCPA respectively.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.