Roblox updated their Roblox Privacy Policy on June 24, 2026. Change detected: 1 sentence(s) modified. Document contained 546 sentences after update.
Impact assessment pending documentation review.
Institutional analysis pending. This change has been verified and documented.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
This new provision establishes automatic privacy protections for under-13 users and delays personalized advertising until age 18, indicating a shift toward stricter child privacy compliance.
This new biometric data collection practice represents a significant privacy expansion, as Roblox now explicitly collects and processes facial images, though with stated deletion after verification.
Addition of law enforcement data sharing practices increases transparency about government data requests and user information disclosure.
This new hierarchy clause clarifies that location-specific privacy rules take precedence, potentially allowing regional opt-outs and stricter regulations to override general policy.
This new provision specifies data handling for parental account setup failures, ensuring unused parental contact information is promptly deleted.
This new provision discloses automated and human content filtering for child safety, indicating enhanced protective measures in public spaces.
Removal of explicit third-party data sharing provision may indicate tightened data sharing restrictions, particularly in response to child privacy regulations limiting advertising partner access.
Removal of explicit CPRA opt-out language may suggest integration into location-specific policies or substantive changes to data sharing practices.
Removal of cookie usage disclosure suggests restrictions on tracking technologies, likely due to stricter child privacy enforcement limiting cookies for under-13 users.
Removal of explicit cross-border transfer disclosure may indicate relocation to location-specific policies or compliance with stricter regional data localization requirements.
Removal of user rights summary suggests consolidation into location-specific addenda per the new override clause, potentially allowing tiered rights based on jurisdiction.
Previous version stated only necessary information was collected with parental consent; current version now explicitly includes persistent identifiers (IP address, device identifiers) collected from users under 13 without mentioning parental consent requirement.
Previous version allowed behavioral advertising at age 13; current version delays personalized advertising until age 18, establishing a more restrictive policy for teen users.
Previous version outlined general retention and 45-day deletion response times; current version specifies that persistent identifiers can be retained for up to two years post-deletion for safety and security purposes.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorGet alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.