Delta updated its privacy policy on May 22, 2026, restructuring how users manage their personal information and privacy rights. The policy previously directed users to a single 'Privacy Requests' form and SkyMiles account deletion page; the updated version breaks this into five numbered subsections: Delete SkyMiles Account, Manage Email Marketing, Manage Tracking, Update Information, and Submit Privacy Requests, with specific instructions for each category. The change also adds explicit language stating that if a privacy request does not appear as an option on the form, it is not currently available in the user's location, and clarifies that users can withdraw previously provided consent using the method described at consent time or through the privacy request form.
The updated policy reorganizes how you access and manage your personal information with Delta. Previously, privacy options were described in prose format pointing to a single Privacy Request Form and SkyMiles Help page. The revised policy now lists five distinct categories: Delete SkyMiles Account, Manage Email Marketing, Manage Tracking, Update Information, and Submit Privacy Requests, each with specific instructions. The policy now explicitly states that if your privacy request type does not appear on the form, it is not currently available in your location. You can withdraw consent you previously provided by using the method described when you gave consent or by submitting a privacy request.
The updated policy makes privacy control mechanisms more transparent and modular by organizing them into five distinct categories with specific instructions for each. The added disclosure that certain privacy requests may not be available in your location clarifies scope boundaries that regulatory frameworks like GDPR and CCPA require Delta to communicate when privacy rights are restricted by jurisdiction.
→ Review the five privacy choice categories in the updated policy to identify which mechanisms apply to you.
→ If you attempt a privacy request and see a message that it is not available in your location, contact Delta Help Center to explore alternative options.
→ Withdraw any previously provided consent using the method described when you provided consent, or submit a privacy request through the privacy request form.
→ If you do not review the restructured privacy control options, you may not be aware that certain privacy request types may not be available in your location.
→ The updated disclosure requirements will apply as stated; Delta is now explicitly permitted to restrict certain privacy requests based on geographic location.
Reorganized privacy control mechanisms into five numbered categories with location-specific availability disclaimers.
Added explicit disclosure that certain privacy requests may not be available in the user's location.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
When you attempt a privacy request, Delta will tell you if that request type is not available where you live.
Delta restructured its privacy rights disclosure on May 22, 2026 from narrative prose to a numbered subsection format, making privacy control mechanisms more modular and location-specific. The updated policy now explicitly states that certain privacy requests may not be available in all jurisdictions, which may engage disclosure obligations under GDPR (Articles 13-14, 17-21) and CCPA (Cal. Civ. Code § 1798.100 et seq.) to the extent users in those jurisdictions attempt privacy requests that are disclosed as unavailable. No new substantive rights or limitations appear to have been added or removed; this is primarily a restructuring of existing privacy control disclosures. Compliance teams should confirm that the location-based unavailability statement is accurate for each relevant jurisdiction and that the form itself reflects these limitations.
GDPR (Articles 12-22 on rights of data subjects and transparency), CCPA (Cal. Civ. Code § 1798.100 et seq. on consumer rights), UK DPA 2018 (Schedule 2 rights), sector-specific aviation privacy frameworks.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002273.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorGet alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.