PayPal restructured the organization and navigation of its Privacy Statement on May 31, 2026. The document added a comprehensive table of contents listing detailed sections (Non-Account Holders Notice, AI and Automated Decision Making, CCPA rights, UK/EEA disclosures, Mexico ARCO rights, Singapore disclosures) that were either not previously visible or were reorganized for clarity. The core privacy overview statement itself remained substantively unchanged, but users now encounter a more detailed roadmap to jurisdiction-specific rights and data handling practices upfront.
The updated Privacy Statement reorganizes its presentation and navigation to make rights and disclosures more accessible. A new table of contents explicitly lists sections covering AI and Automated Decision Making, CCPA privacy rights, UK/EEA data protections, Mexico ARCO rights, and Singapore disclosures. The substantive commitments and obligations described in the overview remain the same, but users can now more easily locate jurisdiction-specific rights and data handling practices.
The updated privacy statement improves user access to jurisdiction-specific rights and data governance disclosures by organizing them in a visible table of contents. PayPal now explicitly surfaces sections covering AI and Automated Decision Making, CCPA privacy rights, UK/EEA data protections, Mexico ARCO rights, and Singapore data protection obligations. This structural change makes it easier for users in different jurisdictions to locate the rights and protections that apply to them without requiring them to navigate through dense policy text.
New detailed section headings added for AI governance, CCPA rights, and international data protections, improving navigation and visibility of jurisdiction-specific disclosures.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
This change is a structural and organizational update to the privacy policy document rather than a substantive modification to PayPal's stated data practices or obligations. The core privacy overview language remains materially unchanged. The addition of a detailed table of contents and section headers improves navigation and visibility of existing disclosures across multiple jurisdictions (US, EU, UK, Mexico, Singapore) and topics (AI governance, cookies, data transfers). No new compliance obligations are created by this change; it clarifies and organizes existing ones.
GDPR (EU), CPRA (California), UK GDPR, Mexico privacy law (LGPD), Singapore PDPA (implied by new section)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002517.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorPayPal's User Agreement was updated on May 31, 2026 with a restructured table of contents. The previous version listed only …
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them t…
ConductAtlas tracked the restructuring, new disclosures, and entity changes that followed the largest privacy fine in EU history.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.