[kaftoy]

Also pure anecdotal, I have had GDPR interactions with EPIC Games (asked them to delete my account) and Blizzard Entertainment (asked them to retrieve my data). Both went well. The interaction with EPIC was manual, I had to send an email and got back what it looked like a personalized e-mail. Account seemed to be deleted.

With Blizzard it went a bit different. They do have online automated tool to download your own data, but with a twist: they refused to provide what they consider security risk information. They did provide a lot of data (even years old chat logs) but did not provide the information I was looking for: list of processes running on my PC, which they scan periodically, as an anti-cheating mechanism. I went further and filed a GDPR infringement complaint to the national office but it failed. Last option was to sue, but I gave up.

Both Epic and Blizzard are US based.

[cosmodisk]

Why did it fail,may I ask? Epic and Blizzard are US based but do significant business in the EU, so lots of stuff would apply to them.

[kaftoy]

It failed because, based on the evidence I have submitted to the national authority for data protection (the national entity enforcing the gdpr), they were not able to rule in my favor. In the e-mail exchange between me and Blizzard, they declared they store process data anonymized, but I don't believe it, since based on that data they decide to ban real game accounts (which are linked to real personal data). Going to trial just to try to prove a point wasn't worth it for me, but at least I have seen the national authority for data protection actualy reading the documents I have submitted, fundamenting their ruling with quotes from them.