Canva removed three sentences from its privacy policy that described cookie usage and consent options. The removed language previously explained that Canva uses non-essential cookies for personalization, advertising, and analytics, and invited users to review cookie choices or accept all cookies. The updated policy no longer includes this explicit disclosure about cookie purposes or the cookie consent interaction.
The updated privacy policy no longer includes explicit language describing Canva's use of non-essential cookies for personalization, advertising tailoring, and website analytics. Previously, the policy stated that Canva would use these cookies only if users accepted. The removal of this disclosure means the policy no longer clearly explains these cookie categories or presents a consent interaction for non-essential cookies at the point where this information was previously disclosed. Depending on applicable cookie law and Canva's implementation, users may need to consult additional documentation such as a separate cookie policy to understand how non-essential cookies are managed.
The updated policy no longer explicitly discloses cookie purposes or presents a consent interaction at the point where users first encounter cookie information in the privacy policy. Under GDPR and ePrivacy law, valid consent for non-essential cookies requires clear, specific disclosure of what cookies are used for before consent is requested. Removing this disclosure from the main privacy policy may reduce transparency and could create compliance gaps if Canva does not maintain equally clear disclosures elsewhere.
→ If available, review Canva's separate cookie policy to understand what non-essential cookies are used and how to manage them.
→ Check your browser settings to review or manage cookies stored by Canva.
→ You may not be aware of what non-essential cookies Canva uses unless you access a separate cookie policy.
→ The terms as written no longer explicitly describe cookie purposes in the main privacy policy.
This is the 4th significant Transparency Removal change Canva has made since ConductAtlas began monitoring.
ConductAtlas has recorded 2 material changes to this document (since May 2026). An additional minor or cosmetic changes were excluded.
Across all monitored documents, Canva has made 4 significant changes.
4 of Canva's significant changes have been classified as negative for consumers.
Removed explicit explanation of non-essential cookie purposes and removed reference to cookie consent interaction (Accept all / Manage cookies buttons).
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Users can no longer see in the main privacy policy what cookies are used for or how to manage them; they must find this information elsewhere or rely on other notices.
Canva's privacy policy removed explicit disclosures about non-essential cookie use and user consent options. This change may create compliance exposure under GDPR Article 7 (consent conditions), EDPB cookie guidance, ePrivacy Directive implementation, CCPA disclosure requirements, and UK Data Protection Act 2018 provisions requiring clear consent mechanisms for non-essential cookies and tracking. Organizations using Canva in their vendor stack should assess whether this removal affects their own cookie disclosures, consent records, or data processing documentation. The removal of visible consent interaction language does not necessarily indicate consent is no longer required by law, but it signals a change in how consent is presented to users.
GDPR (Article 4 definition of consent, Article 7 consent requirements, Article 13 transparency requirements), EDPB Guidelines 05/2020 on consent, Recital 32 on freely given consent, ePrivacy Directive (2002/58/EC as amended), UK Data Protection Act 2018, CCPA (California Consumer Privacy Act), California Consumer Legal Remedies Act Section 1770 (unfair/deceptive practices)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001628.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherCanva removed three sentences from its Terms of Use that previously explained cookie usage and offered consent options. The removed …
Canva added a cookie consent notice to the top of its Privacy Policy on May 5, 2026. The new language …
Canva added a cookie consent notice to its Terms of Use page on May 5, 2026. The new language discloses …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.