this post was submitted on 06 Jul 2026
489 points (99.6% liked)
Games
25414 readers
1182 users here now
Video game news oriented community. No NanoUFO is not a bot :)
Posts.
- News oriented content (general reviews, previews or retrospectives allowed).
- Broad discussion posts (preferably not only about a specific game).
- No humor/memes etc..
- No affiliate links
- No advertising.
- No clickbait, editorialized, sensational titles. State the game in question in the title. No all caps.
- No self promotion.
- No duplicate posts, newer post will be deleted unless there is more discussion in one of the posts.
- No politics.
Comments.
- No personal attacks.
- Obey instance rules.
- No low effort comments(one or two words, emoji etc..)
- Please use spoiler tags for spoilers.
My goal is just to have a community where people can go and see what new game news is out for the day and comment on it.
Other communities:
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The law says they can’t keep your PII after you stop being a customer, not anything about linking your email address to purchases for an entirely legitimate ongoing reason.
The law covers personal data not PII and is much broader than PII that is defined under the US Office of Privacy and Open Government which has no bearing on the GDPR.
As for personal data, email addresses are covered and even user names could be considered personal data depending on if it's linkable to a person and since your account is linked to your email and linked to you user name potentially, when they have to delete personal data the have to delete all of those foreign keys in their database that says your email once got a receipt for that game you bought digitally.
They need to retain financial data for way longer though, and are basically allowed to store their bookkeeping stuff for forever. So they could restore accounts from that anyways. I'd argue, they could keep the account details which can be recovered from financial data under those circumstances. Which probably would be everything necessary to keep the purchased games. They'd need to delete e.g. usage data, connection data etc.
Except they don’t have to delete any of that as long as you hold ongoing software licenses with them, as that’s a legitimate interest. This is malicious compliance posing as “well they made us do it”, same as all the GDPR banners on the web.
I'm not here to defend the corporations.
Email addresses are PII under GDPR, aren't they? So linking email addresses to purchase history is explicitly retaining PII and data about someone they can identify.
You are explicitly allowed to retain PII for critical business purposes. So in this case as a key component that the software licence is attached to they can retain it forever anyway.
Pretty sure that the gdpr specifically precludes forever retention. Data should be retained as long as is necessary and whether 1, 3, 5, 10 or however many years, sooner or later deletion is appropriate, and the timeline depends on what is reasonable.
3 years is a long time to not log in and if a court decided that it exceeded a 'reasonable' period for legitimate interest the fines can go to 10% of global revenue. The law encourages risk averse behaviour.
They could make a better system where the user sets the timeline but it would be impossible to predict the return.
On this one i think its probably driven by risk management not nefarious intent.