Nintendo's privacy policy was updated on March 19, 2026 with several revisions to language describing data collection, retention practices, and third-party certifications. The policy now states it collects error information from both users and devices (previously only devices), removed specific examples of location data uses like checking into Nintendo locations, simplified retention language to reference only 'applicable law' without detailing sensitivity-based practices, eliminated detailed disclosure of persistent identifiers collected from child users, and changed its privacy certification from CARU (Children's Advertising Review Unit) to ESRB (Entertainment Software Rating Board). These changes alter how Nintendo describes its data practices and child data handling, though the operational scope of collection and use remains largely similar.
The revised policy simplifies how Nintendo describes data retention, now stating information is retained only as long as reasonably necessary in accordance with applicable law, without prior detail about sensitivity-based retention practices. For child users, the policy no longer explicitly lists persistent identifiers (IP addresses, device identifiers) that Nintendo and service providers collect, removing specific disclosure language that previously detailed collection purposes for child accounts. The policy now indicates it collects error information from both users and devices, broadening the prior language focused on device errors only. The privacy certification body changed from CARU to ESRB, meaning independent audits and enforcement are now administered by the Entertainment Software Rating Board rather than the Children's Advertising Review Unit.
The updated policy removes explicit transparency about what persistent identifiers Nintendo collects from child users and why, which may affect how the policy complies with COPPA's requirement for clear disclosure of information collection practices. The shift from CARU to ESRB changes which independent body audits and enforces Nintendo's compliance with its stated practices. Simplified retention language removes prior detail about how Nintendo handles data based on sensitivity levels, though the practical retention practices may remain unchanged.
→ Review updated certification seal on Nintendo websites to confirm ESRB rather than CARU oversight
→ Contact Nintendo using provided contact information if you wish to review, modify, or delete child account information
→ The updated privacy terms will apply as written; child users' persistent identifiers will continue to be collected as stated in the revised policy
→ Disputes or concerns will be addressed under ESRB's independent audit and enforcement mechanisms rather than CARU's
Removed detailed disclosure of IP addresses, device identifiers, and other unique identifiers collected from child users and the stated purposes for collection.
Simplified from detailed sensitivity-based retention framework to general statement that information is retained only as long as reasonably necessary in accordance with applicable law.
Changed independent audit and enforcement body from CARU to ESRB, altering which organization conducts compliance reviews.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Parents and children no longer see a detailed list of the specific types of identifiers Nintendo collects from child accounts or why it collects them.
Nintendo modified child privacy disclosures and certification oversight on March 19, 2026. The policy removed explicit language detailing persistent identifiers collected from child users and simplified data retention descriptions. This change may affect compliance assessment under COPPA (Children's Online Privacy Protection Act), which requires clear and comprehensive disclosure of information collection practices for children under 13. The shift from CARU to ESRB certification changes the independent audit and enforcement body. Organizations relying on Nintendo's privacy practices in vendor assessments should confirm whether ESRB certification meets their internal requirements where CARU certification was previously mandated or expected.
COPPA (Children's Online Privacy Protection Act); GDPR (if EU residents are affected, though not indicated); FTC Act Section 5 (unfair or deceptive practices)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001881.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorNintendo updated its privacy policy to clarify how it collects and uses data from children and shifted its third-party privacy …
Nintendo updated its privacy policy to clarify how it collects error data, expanded where it uses location information to include …
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the …
TikTok's data collection extends to device sensors, clipboard content, geolocation, and cross-site tracking. Here is what their Privacy Pol…
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.