Roblox updated their Roblox Privacy and Cookie Policy on June 24, 2026. Change detected: 1 sentence(s) modified. Document contained 546 sentences after update.
Impact assessment pending documentation review.
Institutional analysis pending. This change has been verified and documented.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Introduces automatic age-based feature gating with graduated privacy protections, deferring personalized advertising until age 18 rather than 13, representing stricter child privacy compliance.
Explicitly carves out exception allowing persistent identifier collection for children for core service functionality, clarifying what data collection remains permissible under COPPA compliance.
Adds transparency about government data requests, likely required by regulatory changes or litigation pressure to disclose law enforcement cooperation practices.
Introduces explicit GDPR compliance framework with designated EU representatives and data protection officer contact information, likely responding to increased EU regulatory enforcement.
Removal reflects shift away from broad third-party behavioral targeting disclosure, likely replaced by more restrictive age-tiered advertising policies that prohibit such practices for minors.
Removal of consolidated jurisdiction-specific rights section suggests these provisions were relocated to jurisdiction-specific sections (like the new GDPR section) rather than eliminated.
Removal of detailed tracking technology disclosure aligns with restrictions on such tracking for minors under age-tiered policy, though the current version mistakenly lists a contact provision under this name.
Removal of broad third-party sharing framework, particularly advertising and analytics partner sharing, reflects tightening of data sharing practices for compliance with child privacy regulations.
Removal may indicate this standard provision was moved to a separate policy section or deemed unnecessary as standard practice.
Removal of financial transaction data collection disclosure may reflect a shift toward not collecting such sensitive data from minors, or relocation to payment-specific terms rather than privacy policy.
Shifted from general biometric collection framework to specific age assurance use case with explicit deletion guarantee post-assessment and reference to separate facial media policy.
Shifted from parental consent framework to data minimization-first approach with automatic deletion or account protections for excess data collection rather than requiring parental intervention.
Expanded from simple deletion-on-request policy to comprehensive retention governance framework emphasizing purpose limitation, persistent identifier management, and operational safeguards like access controls and employee training.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff β MonitorWe read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liaβ¦
Get alerted when this policy changes again β including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.