The policy states that Epic collects personal information not only from users directly and through automated means, but also from third parties. The specific categories of third parties and the types of information obtained from them are described in Section 3 of the policy.
This analysis describes what Unreal Engine's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that personal information about users may be received from third-party sources, which is operationally significant for data mapping, GDPR Article 14 transparency obligations (which require notice to data subjects about information obtained from third parties), and CCPA's requirements to disclose categories of sources from which personal information is collected.
Interpretive note: The full list of third-party data sources is referenced in Section 3 but the document was truncated before those details could be reviewed, limiting assessment of the complete disclosure scope.
Under this provision, Epic may collect personal information about users from third-party sources in addition to information provided directly by users or collected automatically. The specific categories of third-party sources are addressed in Section 3 of the policy.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Unreal Engine has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Generally speaking, we collect information in three ways: A) when you provide it to us, B) automatically when you use the Epic Services, and C) from third parties.— Excerpt from Unreal Engine's Epic Games Privacy Policy
1) REGULATORY LANDSCAPE: Collection of personal information from third parties engages GDPR Article 14 (which requires notice to data subjects when data is obtained from sources other than the data subject), CCPA's requirement to disclose categories of sources, and applicable data broker and people search regulations. The FTC and State Attorneys General enforce against deceptive omissions in privacy disclosures regarding data sources. 2) GOVERNANCE EXPOSURE: Medium. The three-category collection framework is standard across industry privacy policies. The operational significance depends on the specific third-party sources identified in Section 3, which the excerpted document truncates. Without reviewing the full list of third-party sources, the completeness of this disclosure cannot be fully assessed. 3) JURISDICTION FLAGS: EU/EEA (GDPR Article 14 notice obligations), California (CCPA source disclosure requirements), and any jurisdiction with data broker registration or notice requirements for third-party data acquisition. 4) CONTRACT AND VENDOR IMPLICATIONS: Data providers who supply personal information about users to Epic should be assessed under applicable data broker, commercial data, and onward transfer frameworks. Vendor due diligence should confirm that third-party data sources have a lawful basis for transferring data to Epic. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that GDPR Article 14 notices are provided to EU/EEA users regarding categories of third-party sources and that the information is provided within the timeframes required by Article 14(3). CCPA privacy notices should enumerate all categories of third-party sources from which personal information is collected.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that personal information about users may be received from third-party sources, which is operationally significant for data mapping, GDPR Article 14 transparency obligations (which require notice to data subjects about information obtained from third parties), and CCPA's requirements to disclose categories of sources from which personal information is collected.
Under this provision, Epic may collect personal information about users from third-party sources in addition to information provided directly by users or collected automatically. The specific categories of third-party sources are addressed in Section 3 of the policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unreal Engine.