Nintendo updated its privacy policy to clarify how it collects and uses data from children and shifted its third-party privacy certification from ESRB to CARU. The policy now explicitly states that persistent identifiers like IP addresses and device IDs are collected from child users for specific operational purposes, and parents can now see a named list of third-party apps authorized to access their child's account. The company also expanded its disclosure of location data use to include check-ins at Nintendo locations and events.
Nintendo now explicitly discloses that it collects persistent identifiers (IP addresses, device IDs) from child users for operational, security, fraud prevention, and service improvement purposes, and states that contractual restrictions limit how service providers can use this data. Parents gain enhanced transparency by being able to view a named list of third-party games and applications authorized to access their child's account, rather than just managing access through settings. The policy also clarifies that location information may be used for check-ins at Nintendo locations and events in addition to location-based games. You can review and manage which third-party apps have access to your child's account through your Nintendo Account profile settings.
Nintendo now explicitly discloses that it collects and permits service providers to collect persistent identifiers from child users for specific operational purposes, and parents can see exactly which apps are authorized to access their child's account, providing clearer visibility into data practices affecting children. The shift from ESRB to CARU oversight represents a change in the third-party body conducting independent audits and enforcement of the company's child privacy compliance.
→ Review the named list of third-party applications authorized to access your child's Nintendo Account by visiting your Nintendo Account profile settings.
→ Remove access for any apps your child no longer uses or that you do not want to have access to your child's account information.
→ You will not have visibility into which specific third-party applications have been authorized to access your child's account information.
→ Third-party applications may continue to have access to your child's account data if you do not actively manage permissions through your account settings.
ConductAtlas has recorded 2 material changes to this document (since April 2026).
Policy now explicitly permits collection of IP addresses and device identifiers from child users for internal operations, security, fraud prevention, advertising, and legal compliance, with stated contractual restrictions on service provider use.
Parents can now view a named list of third-party applications authorized to receive child account information, expanding visibility beyond access management settings.
Nintendo shifted from ESRB Privacy Certified Program to CARU Privacy Certified Program, changing the independent auditor and enforcement body governing compliance.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction.
Parents now have explicit visibility into which apps have been authorized to receive their child's account information.
The policy now openly states what kinds of identifiers are collected from children and why.
Nintendo transitioned its child privacy certification from the Entertainment Software Rating Board (ESRB) to the Children's Advertising Review Unit (CARU), both of which are self-regulatory programs with independent audit and enforcement mechanisms. The policy now explicitly details the collection and permitted uses of persistent identifiers from child users, framing them as necessary for internal operations, security, fraud prevention, and legal compliance. This change may reflect alignment with CARU's standards or a strategic shift in third-party oversight. Organizations that rely on Nintendo's platform to serve child users should confirm their understanding of the data collection practices disclosed and evaluate whether their own privacy programs and vendor agreements address the specific uses enumerated in the updated policy.
COPPA (Children's Online Privacy Protection Act), FTC Act Section 5 (unfair or deceptive practices), CARU Self-Regulatory Standards
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001094.
Nintendo updated its privacy policy to clarify how it collects error data, expanded where it uses location information to include …