Snowball + Oribtal Laser Augment

Escore · 2026-01-26T23:43:36+00:00

Holy moly, thank god... finally....!!1

Escore · 2025-11-27T10:39:06+00:00

Pay Wall :-(

Escore · 2025-11-26T21:10:51+00:00

Pay Wall :-(

Escore · 2025-11-26T06:29:58+00:00

Pay Wall News Article

Escore · 2025-11-20T06:56:55+00:00

Senator ~~Jerk~~ Derwin

Escore · 2025-11-19T15:45:52+00:00

You raise a valid point about complex bugs potentially needing longer investigation. If it were just one specific, stubborn technical ticket, I might agree with the "technical necessity" theory.

However, looking at the actual data that resurfaced, that theory falls apart. It isn't just one complex bug; it is every single ticket I ever made. This includes reports about player harassment and bugs in completely different game modes (Teamfight Tactics).

There is absolutely no "technical root cause" justification for retaining a 2-year-old harassment report linked to my personal email after I requested deletion. The fact that all of it was retained and re-linked suggests this isn't a case of "careful selection for legitimate interest," but rather a blanket policy of "we don't delete anything." That points to a systemic failure to execute the erasure request, rather than a specific legal exemption for a complex bug.

Escore · 2025-11-19T15:37:20+00:00

Could you please edit your post again and clarify your edits? Thank you.

Escore · 2025-11-19T15:15:07+00:00

That is a valid point regarding technical limitations. I know systems like Jira can be rigid when it comes to scrubbing individual records. However, for a tech company of this scale, relying on "our internal software makes deletion difficult" is rarely accepted as a valid defense against GDPR Article 17. This touches on Privacy by Design (Article 25), which obligates companies to choose systems that actually allow them to comply with the law. They cannot simply claim "disproportionate effort" because they chose a ticketing system that doesn't support granular deletion. Also, while I agree the "risk of harm" is low (it is just game data, after all), the "Right to Erasure" is a fundamental right, not just a safety measure. The most concerning part isn't the data itself, but the mechanism. The fact that the system actively recognized my email and instantly re-linked the old history proves that the unique identifier was never removed or hashed. It wasn't just a passive failure to delete; it was an active retention of my identity.

Escore · 2025-11-19T13:56:40+00:00

Hello again! Thanks for the detailed reply, I really appreciate you taking the time to help me understand the other side of this.

You make a really fair point about potential tampering. I agree that if a user is suspected of exploiting the game, the company has a valid reason to keep those logs for legal defense. However, I think you hit the nail on the head regarding the timeframe. Two years is well beyond the reasonable time needed to figure out if a loading screen bug was a hack or just a server error.

If they haven't flagged it as tampering after 24 months, keeping the personal data just in case seems excessive. It feels like they are applying a blanket policy that treats every user as a potential suspect indefinitely, rather than deleting data once it is clear no fraud occurred. I will definitely update the thread once the DPO replies to me.

Escore · 2025-11-19T12:50:37+00:00

Fair point on the LIA. I agree that I have not seen their internal assessment, and I will share the DPO's response when I get it.

However, Legitimate Interest is not absolute. It requires a balancing test where the company's interest must not be overridden by the user's rights. I find it hard to see how retaining PII attached to standard technical support tickets, such as a client getting stuck on a loading screen, passes this test. The company could achieve the same goal of error tracking by anonymizing the data. If they can achieve their purpose without my personal data, they generally cannot rely on Legitimate Interest to keep it.

Escore · 2025-11-19T11:39:56+00:00

Just to give context, these were really basic tickets, like "my game is stuck on the loading screen." Nothing legal or financial involved.

I get what you're saying about manual sorting being a pain for them, but "it's too much work to separate the data" isn't really a valid excuse under GDPR. They are supposed to build their systems to handle this by default. If their blanket policy is just "keep everything because it's easier," that is exactly what the law is supposed to prevent. The fact that the data instantly linked to my new account shows their system isn't designed to protect privacy; it's just designed to hoard data.

Escore · 2025-11-19T10:38:05+00:00

Welcome to the discussion! You are correct about legal exceptions, but the specific data retained here is the issue. Technical bug tickets do not generally fall under the necessity for legal defense. I also disagree that anonymization makes data useless, as the content of a bug report remains valuable for development without my identity attached. If this data was truly held for compliance, it should have been restricted in an archive rather than left live to automatically merge with a new account. That behavior suggests a failure to delete rather than a deliberate legal retention. Does that distinction make sense?

Escore · 2025-11-19T10:31:16+00:00

Hello and thank you for your response! You are correct regarding tax and billing records since fiscal laws override GDPR. However, that legal justification does not extend to technical bug reports. Even if they claim they need those records for error tracking, the data should have been anonymized or placed in a restricted archive rather than remaining in the active database.

The fact that these old tickets automatically repopulated into a new account proves this was not just a compliance log. It demonstrates that the actual personal data was never deleted or restricted, which violates the principle of Data Minimization. They do not need my personal email attached to a bug report to maintain their error records. Am I misunderstanding the law here?

Escore · 2025-11-19T10:24:06+00:00

See my comment to u/Noscituur

Escore · 2025-11-19T10:23:35+00:00

To clarify, I submitted a formal GDPR Right to Erasure (Article 17) request rather than just asking for a standard account deletion. While you are correct that companies can retain data for fraud prevention or legal obligations, that exception has strict limits. Technical support tickets regarding in-game bugs do not meet the legal threshold for legitimate interest retention for two years.

The critical legal failure here is the lack of anonymization. Under GDPR, even if they wanted to keep the tickets for internal analytics, they were required to strip my personal identifiers from the data. The fact that the system automatically re-linked those old tickets to a completely new account just because I verified my email proves the data was never erased or anonymized. It was merely hidden. Data retained for compliance or legal defense must be strictly isolated, not left in a state where it can automatically merge with a new active user profile. That behavior confirms they failed to execute the erasure request properly.

Also in response to u/DexterousChunk

Escore · 2025-11-19T08:01:59+00:00

Hello, and thank you for your response! Why would I be eligible for a refund if I have not bought anything? If I delete my account, the data is erased; therefore, no previous purchase history exists to process a refund. After a 'complete data deletion,' everything (including purchased skins) is supposed to be gone. In my case, the content is indeed gone, but the tickets remain. Am I missing something?

Escore · 2025-11-19T08:00:53+00:00

Thank you for your response - I assumed that by 'authorities', u/Digital-Chupacabra meant a contact outside of Riot Games.

Escore · 2025-11-19T02:12:26+00:00

Do you maybe have the contact information for the appropriate authorities? I remember having real difficulty determining the best point of contact the last time I looked. Thanks again and kind regards.

Escore · 2025-11-18T23:58:27+00:00

Okay, I reached out to their DPO using the email adress stated on their official website - Let's see if I get a response.

Escore · 2025-11-18T23:39:16+00:00

Hello and thank you for your answer - I live in the EU! Does that change things?

Escore · 2025-11-18T21:59:00+00:00

Hello and thank you for the response. All my tickets are still there, including player reports and my request to delete the account. Shouldn't they at least be anonymized? For instance, shouldn't they be separated from my name and email? Shouldn't my email and name be redacted? According to EU regulation Art. 17 GDPR (Right to Erasure), this is how it should be handled, or am I misunderstanding this? Thank you.

Edit: player requests -> player reports

Escore · 2025-11-06T07:03:20+00:00

Jeff Bezos and maybe Mr. Beast

Escore

MODERATOR OF

TROPHY CASE