Nintendo updated its privacy policy to clarify how it collects error data, expanded where it uses location information to include checking into events and Nintendo locations, strengthened its data retention practices by specifying deletion or de-identification procedures, added detailed language about collecting persistent identifiers from child users for operational purposes, made parental controls more transparent by letting parents see which apps have access to their child's account, and switched its child privacy certification from ESRB to CARU (Children's Advertising Review Unit).
Nintendo now discloses that it uses location data not only for location-based games and friend connections, but also to enable check-ins at specific events and Nintendo locations, which is a new explicit use case. The policy now details how child user data including persistent identifiers like IP addresses and device IDs are collected and retained, with commitments to delete or de-identify data based on sensitivity and account activity. Parents can now see which third-party apps have been authorized to access their child's account before deciding whether to allow continued access, giving more visibility into connected applications.
Parents now have greater transparency into how Nintendo collects and uses their child's data, including which apps can access the account and the specific purposes for which Nintendo collects device identifiers. The expansion of location data use to include event check-ins represents a new type of location tracking beyond games, which parents should understand.
→ Review the named list of third-party apps authorized to access your child's Nintendo account through your account profile settings to understand which apps have access.
→ Consider disabling access for any third-party apps you no longer want connected to your child's account.
→ Third-party apps authorized in the past will retain access to your child's Nintendo account data unless you actively revoke their permissions.
→ Your child's device IP address and device ID will continue to be collected by Nintendo for the stated operational, security, and advertising purposes.
Added explicit disclosure that Nintendo collects IP addresses and device IDs from child users for nine specified purposes including fraud prevention, service improvements, advertising, and legal compliance, with commitment to internal policies and contractual restrictions limiting use.
Expanded parental controls to require Nintendo to show parents a named list of authorized third-party apps before parents decide whether to allow continued access.
Added event check-in and Nintendo location check-in as explicit location data use cases alongside existing location-based games and friend connections.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
You now get to see which apps have permission to use your child's Nintendo account before you decide whether to allow them to keep using it.
Nintendo now explicitly discloses it collects your child's IP address and device ID for operational, security, and advertising purposes.
+ 1 more obligation changes. Full breakdown available with Watcher.
Track changes →Nintendo clarified and expanded several provisions affecting child user data handling and parental controls. The addition of explicit persistent identifier collection disclosures for child users, coupled with internal policy commitments around use limitation, may engage COPPA (Children's Online Privacy Protection Act) compliance frameworks. The shift from ESRB to CARU certification changes which independent body audits Nintendo's child privacy practices. The location data expansion is a transparency clarification rather than a new collection authorization. Compliance teams should verify that the internal policies referenced in the child identifier language are documented and aligned with audit requirements under CARU's program.
COPPA (Children's Online Privacy Protection Act), CARU (Children's Advertising Review Unit) Privacy Certification Program
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001245.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherNintendo updated its privacy policy to clarify how it collects and uses data from children and shifted its third-party privacy …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.