| Field | Data type | Require | Description |
| User-id | Bigint | Yes | Primary Key. A unique, auto-incrementing ID automatically generated by the database system. |
| Varchar(255) | Yes | The unique email address entered by the user during registration. | |
| Hashed-password | Varchar (255) | Yes | The hash value generated by the system’s encryption algorithm from the user-inputted password. |
| Date of birth | Date | Yes | Entered by the user for the system to perform legal age verification. |
| Email-verified | Boolean | Yes | Email verification status. Set to FALSE by default upon registration and updated to TRUE after verification. |
| Created-at | Timestamp | Yes | Record creation timestamp. Automatically generated by the database system upon row insertion. |
primary table(users)
Related Table: user_agreements
| Field Name | Data type | Required | Description |
| Agreement id | Bigint | Yes | Primary Key. A unique, auto-incrementing ID automatically generated by the database system. |
| User id | Bigint | Yes | Foreign Key. References users.user_id. Populated by the system when inserting the consent record. |
| Accepted tos | Boolean | Yes | Records whether the user accepted the Terms of Service. A boolean value recorded by the system based on the user’s UI selection. |
| Accepted privacy | Boolean | Yes | Records whether the user accepted the Privacy Statement. A boolean value recorded by the system based on the user’s UI selection. |
| Opt-in-up-dates | Boolean | No | Records the user’s opt-in preference for marketing emails. A boolean value recorded by the system based on the user’s UI selection; can be NULL. |
| Opt-in-third-party | Boolean | No | Records the user’s consent for data sharing with third-party partners. A boolean value recorded by the system based on the user’s UI selection; can be NULL. |
| Agreed-at | Timestamp | Yes | Consent timestamp. Automatically generated by the database system upon row insertion. |
Ethical Analysis
The data collection practices of this platform raise ethical concerns regarding data minimization and the quality of informed consent. Firstly, while collecting the date of birth for age verification is justified, combining it with email, device information, and other details may exceed the “minimum necessary” scope, constituting excessive collection. Secondly, the dense series of consent requests during registration (such as the Terms of Service, Privacy Statement, and the two marketing authorizations) may lead to consent fatigue, where users might hastily check the boxes without fully understanding the terms, thereby undermining the genuineness and voluntariness of their consent. If this detailed demographic and behavioral preference data were leaked due to a security breach, users would face significant risks ranging from spam harassment to identity theft, phishing, and even targeted fraud.
Recommendations
The platform should implement selective date-of-birth collection, storing only the verification result (e.g., “adult”) rather than the full birthdate, to better adhere to data minimization principles. Simultaneously, it should present critical terms (service and privacy) separately from optional marketing authorizations to combat consent fatigue and ensure genuine user understanding. Finally, the platform must establish and disclose a clear data retention schedule, automatically deleting inactive account data after a defined period (e.g., 24 months) to mitigate the risks associated with data breaches.
Link:https://www.riotgames.com/zh-cn
picture
The Ultimate Anime Troupe 