Steam · Steam Privacy Policy

Third-Party Data Sharing with Partners and Service Providers

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Steam shares both anonymous and aggregated data with third parties, and also collects personal data from your communications on the platform including forum posts, chats, and user-generated content.

Consumer impact (what this means for users)

Your aggregated usage data and communications on Steam (forums, chats, user content) are collected and can be shared with unspecified third parties, with the risk that 'anonymous' data could be re-identified when combined with other data sources.

Cross-platform context

See how other platforms handle Third-Party Data Sharing with Partners and Service Providers and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The broad grant to share anonymous and aggregated data with third parties — without limitation on who those parties are or what they do with the data — is a significant privacy concern, as 'anonymous' data from a gaming platform with hundreds of millions of users can potentially be re-identified.

View original clause language
Valve may share anonymous data, aggregated or not, with third parties. We will collect and process Personal Data whenever you explicitly provide it to us or send it as part of communication with others on Steam, e.g. in Steam Community Forums, chats, or when you provide feedback or other user generated content.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Art. 4(5) defines pseudonymization but notes that data capable of re-identification remains personal data subject to the full Regulation. The claim that aggregated/anonymous data does not allow identification is potentially contested under GDPR Recital 26, which requires assessing re-identification risk. CCPA §1798.140 applies similarly — 'deidentified' data requires reasonable measures to prevent re-identification (§1798.145(a)(5)). FTC Act Section 5 applies to deceptive anonymization claims.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has enforcement authority over deceptive anonymization claims and unfair data sharing practices with third parties under FTC Act Section 5.
    File a complaint →
  • State AG
    California residents can file complaints with the CPPA/CA AG regarding CCPA violations related to third-party data sharing and inadequate deidentification practices.
    File a complaint →

Provision details

Document information
Document
Steam Privacy Policy
Entity
Steam
Document last updated
April 29, 2026
Tracking information
First tracked
April 18, 2026
Last verified
April 18, 2026
Record ID
CA-P-002932
Document ID
CA-D-00182
Evidence Provenance
Source URL
https://store.steampowered.com/privacy_agreement/
Wayback Machine
View archived versions →
SHA-256
63210b28892392d9dae07097221e6ab8458f850d4edd68ce4be0bc540f120bb5
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Steam | Document: Steam Privacy Policy | Record: CA-P-002932
Captured: 2026-04-18 10:57:26 UTC | SHA-256: 63210b28892392d9…
URL: https://conductatlas.com/platform/steam/steam-privacy-policy/third-party-data-sharing-with-partners-and-service-providers/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document