TikTok Ads updated its privacy policy on May 5, 2026, replacing the U.S.-specific version with language addressing 'other regions.' The controlled entity shifted from TikTok USDS Joint Venture LLC to TikTok Pte. Ltd., a Singapore-registered company. The document removed references to Washington state health data law compliance and restructured how information collection categories are presented, adding explicit language about user-generated content processing and associated metadata.
The updated policy states that TikTok Pte. Ltd., a Singapore-registered entity, now provides and controls the Platform, replacing the previous U.S.-based operator. The policy removes its prior explicit reference to compliance with Washington's My Health My Data Act and similar state health data laws, without stating what replaces that compliance framework. This shift in controlling entity and removal of specific health data law compliance language may affect what consumer protections apply depending on user jurisdiction. The policy now applies to 'other regions' rather than specifically to U.S. users, creating ambiguity about which jurisdiction's consumer protections govern.
The controlling entity and jurisdiction of TikTok Ads determine which consumer protection laws apply, where disputes must be resolved, and what data processing safeguards are contractually required. The shift from a U.S. operator to a Singapore-registered company, combined with removal of explicit health data law compliance language, materially changes the regulatory framework consumers operate under. The broader geographic scope (from U.S.-specific to 'other regions') creates ambiguity about which consumer protection laws TikTok commits to follow in each jurisdiction.
→ Consumer protections that previously applied under U.S. law and health data privacy statutes will now be determined by the legal framework governing a Singapore-registered entity and 'other regions,' which may offer different or unclear protections.
→ If health-related data is collected, the absence of explicit compliance language with Washington's My Health My Data Act or similar state laws may mean reduced contractual notice of how such data is protected.
→ The policy will apply to a broader set of regions without specifying which local laws govern each region, creating uncertainty about enforcement and remedies available to consumers in specific jurisdictions.
Changed from TikTok USDS Joint Venture LLC (U.S.) to TikTok Pte. Ltd. (Singapore registered), with address at 1 Raffles Quay, #26-10, South Tower, Singapore 048583.
Removed explicit reference to compliance with Washington's My Health My Data Act and similar state health data privacy laws.
Added explicit disclosure that TikTok processes user-generated content including metadata about when, where, and by whom content was created.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
The policy now discloses what happens to content you upload or create on the platform, including when, where, and by whom it was made.
The policy now details what account information TikTok collects when you register, including profile image and profile video.
+ 1 more obligation changes. Full breakdown available with Watcher.
Track changes →This change materially alters the legal entity responsible for data processing and removes explicit compliance commitments regarding state-level health data privacy laws. Organizations that incorporated TikTok Ads into their vendor stack relying on the prior U.S.-based operator and health data law compliance commitments may need to reassess data processing agreements, subprocessor disclosures, and compliance certifications. The shift to a Singapore-registered controller may trigger review of Data Processing Agreements, Standard Contractual Clauses adequacy (if EU data flows exist), and state-specific health data law obligations. The removal of explicit health data law language without replacement creates ambiguity about what regulatory framework now applies to sensitive health-related consumer data.
CCPA (California Consumer Privacy Act), Washington My Health My Data Act, FTC Act Section 5 (unfair or deceptive practices), GDPR (if EU residents access the platform), state consumer protection statutes
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001658.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherNetflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the …
TikTok's data collection extends to device sensors, clipboard content, geolocation, and cross-site tracking. Here is what their Privacy Pol…
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.