How long is character data stored for with data laws in Europe?

[Kerin]

The GDPR applies, using its own words, to "natural persons", so it has no application to 'virtual characters' in a video game if there is no data that can identify a 'real' person.

However, the GDPR does apply to your account data and in that respect there is no specified time period for its retention, rather the GDPR requires data to be deleted "after the purpose for which the data was collected is no longer valid", eg. when you cancel the account. Note that this aspect of the GDPR to my knowledge has yet been considered by legal cases so currently it's unclear how long after an account is cancelled the data would have to be deleted.

You do have the right to demand its deletion and that must be done within a defined period (I don't recall that exact time in days off the top of my head) but if they refuse to do do SE would have to provide a justification to your country's regulator that is responsible for GDPR implementation .. example in the UK it would be the ICO .. who would decided if SE's case was valid or not.

If the account is still active then SE would be perfectly justified it seems to me to claim they need the data to provide the service for which it was originally collected .. a basic concept of the GDPR is the purpose for which personal data was collected and retained .. however once you cancel your account that purpose will be deemed completed.

Requirements such as tax laws, accounting standards, etc. will be taken into account to allow companies to retain data beyond the end of the service for which it was collected in order to such laws and regulations to be complied with, so immediate deletion is not likely going to happen for any data involved in the payment for a service or goods, eg. a video game subscription.

Note: I am not a lawyer, however I was an acting Data Protection Officer in the terms of the GDPR for a UK company handling low-level personal data (names, addresses, dates of birth and little else, very similar to the data we supply to SE in our accounts) so had to read the GDPR and understand its concepts and requirements.