Then it never uses it for anything ever again & it just uses your email name for everything.
From my experience and speaking technically, from a privacy and security point of view, the way Steam does it (at least with regards to having 3 different entities: internal username, public username and email, but still not knowing all the ins and outs of what they do with them) is probably the most sound. But it does lead to a lot of confusion.
The email address is considered personally identifyable information and should be restricted to a lot of people, including Steam employees. Ideally no humans should see that email address, unless something critical happens and it needs to be uncovered.
Which is why the internal username is usually used to refer to you as a user, but without divulging anything about you. It should be the main way to identify yourself, since the email can change and even worst someone can take your email address. And not even illegally. It all depends on the email provider's platform and how they handle unused addresses (ex, the email provider might delete my account on my request, and you come back and create a new one using the same name. but no one told steam that. so you could impersonate someone). Ideally Steam needs to maintain your identity using something fully under their control. The username is usually that because it is a stable identifier, since the email address can change. The email address should at best be contact information. Unfortunately a lot of platforms just equate the email address to the username. For convenience purposes. Which is hard to blame, especially for their users. And also unfortunately a lot of platforms use the email provider that you use for other security flows (like resetting passwords). So basically they hang part of the security of their own platforms on however secure the email provider is. Unfortunately there's not really a solid alternative for this, from what I know. At best you can deny some email providers which you refuse to trust.
And then the public username (or steam community id) is what you as a steam user want to be referred to publicly, on the steam platform. Which is linked internally to your internal username, but ideally should not be traceable back to your internal username by people outside of working for Steam.
All of this is not say that there's
a way to handle all of this. As a platform you constantly have to balance usability and how much pain you put your users through against security concerns. But I've derailed the subject too much.