The law covers personal data not PII and is much broader than PII that is defined under the US Office of Privacy and Open Government which has no bearing on the GDPR.
As for personal data, email addresses are covered and even user names could be considered personal data depending on if it’s linkable to a person and since your account is linked to your email and linked to you user name potentially, when they have to delete personal data the have to delete all of those foreign keys in their database that says your email once got a receipt for that game you bought digitally.
Except they don’t have to delete any of that as long as you hold ongoing software licenses with them, as that’s a legitimate interest. This is malicious compliance posing as “well they made us do it”, same as all the GDPR banners on the web.
They need to retain financial data for way longer though, and are basically allowed to store their bookkeeping stuff for forever. So they could restore accounts from that anyways. I’d argue, they could keep the account details which can be recovered from financial data under those circumstances. Which probably would be everything necessary to keep the purchased games. They’d need to delete e.g. usage data, connection data etc.
The law covers personal data not PII and is much broader than PII that is defined under the US Office of Privacy and Open Government which has no bearing on the GDPR.
As for personal data, email addresses are covered and even user names could be considered personal data depending on if it’s linkable to a person and since your account is linked to your email and linked to you user name potentially, when they have to delete personal data the have to delete all of those foreign keys in their database that says your email once got a receipt for that game you bought digitally.
Except they don’t have to delete any of that as long as you hold ongoing software licenses with them, as that’s a legitimate interest. This is malicious compliance posing as “well they made us do it”, same as all the GDPR banners on the web.
They need to retain financial data for way longer though, and are basically allowed to store their bookkeeping stuff for forever. So they could restore accounts from that anyways. I’d argue, they could keep the account details which can be recovered from financial data under those circumstances. Which probably would be everything necessary to keep the purchased games. They’d need to delete e.g. usage data, connection data etc.