What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://help.steampowered.com/', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': 'Go to https://help.steampowered.com/ and submit a support ticket requesting deletion of your personal data. EU/UK users can invoke their GDPR Art. 17 right to erasure; California residents can invoke their CCPA right to delete under §1798.105.', 'deadline_days': None, 'deadline_hours': None} {'method': 'WEB_FORM', 'recipient': 'https://help.steampowered.com/', 'difficulty': 'MODERATE', 'action_type': 'EXPORT_DATA', 'instructions': 'Submit a data access request at https://help.steampowered.com/ to receive a copy of all personal data Steam holds about you, including account data, game statistics, and transaction history.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has authority over failures to honor consumer data rights requests under the FTC Act Section 5 and applicable privacy framework commitments.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': "California residents can file complaints with the CPPA regarding Valve's failure to honor CCPA rights requests within the required 45-day timeframe.", 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this User Rights and Data Deletion clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar User Rights and Data Deletion clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

User Rights and Data Deletion — Steam

Share 𝕏 Share in Share 🔒 PDF

What it is

Steam processes your data under four legal bases which also determine how long your data is kept, who can access it, and what rights you have to control it. The policy references a separate section 6 for full details on user rights including access, deletion, and portability.

Consumer impact (what this means for users)

Steam's data retention and your deletion rights are tied to the legal basis for each processing activity, meaning some of your personal data may be retained indefinitely for legal compliance or legitimate business purposes even after you request deletion.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Go to https://help.steampowered.com/ and submit a support ticket requesting deletion of your personal data. EU/UK users can invoke their GDPR Art. 17 right to erasure; California residents can invoke their CCPA right to delete under §1798.105.
Export Your Data

Submit a data access request at https://help.steampowered.com/ to receive a copy of all personal data Steam holds about you, including account data, game statistics, and transaction history.

Cross-platform context

See how other platforms handle User Rights and Data Deletion and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Your ability to delete your data, access it, or port it to another service depends on which legal basis Steam invokes for each type of processing — and if Steam relies on 'legitimate interests' or 'legal obligation,' your deletion or objection rights may be limited.

View original clause language

These reasons for collecting and processing Personal Data determine and limit what Personal Data we collect and how we use it (section 3. below), how long we store it (section 4. below), who has access to it (section 5. below) and what rights and other control mechanisms are available to you as a user (section 6. below).

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Arts. 15-22 establish the full suite of data subject rights: access (Art. 15), rectification (Art. 16), erasure/right to be forgotten (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), and rights related to automated decision-making (Art. 22). CCPA §§1798.100–1798.125 provide parallel rights for California residents including the right to know, delete, correct, and opt out. Valve must respond to GDPR requests within 30 days (extendable to 3 months) and CCPA requests within 45 days (extendable to 90 days).

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has authority over failures to honor consumer data rights requests under the FTC Act Section 5 and applicable privacy framework commitments.
File a complaint →
State AG

California residents can file complaints with the CPPA regarding Valve's failure to honor CCPA rights requests within the required 45-day timeframe.
File a complaint →

Provision details

Document information

Document

Steam Privacy Policy

Entity

Steam

Document last updated

April 29, 2026

Tracking information

First tracked

April 18, 2026

Last verified

April 18, 2026

Record ID

CA-P-002934

Document ID

CA-D-00182

Evidence Provenance

Source URL

https://store.steampowered.com/privacy_agreement/

Wayback Machine

View archived versions →

SHA-256

63210b28892392d9dae07097221e6ab8458f850d4edd68ce4be0bc540f120bb5

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Steam | Document: Steam Privacy Policy | Record: CA-P-002934
Captured: 2026-04-18 10:57:26 UTC | SHA-256: 63210b28892392d9…
URL: https://conductatlas.com/platform/steam/steam-privacy-policy/user-rights-and-data-deletion/
Accessed: May 2, 2026

Classification

Severity

Medium

User Rights and Data Deletion