This analysis describes what ADP's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Cross-border data transfers without adequate safeguards are one of the most heavily enforced areas of EU privacy law; if ADP's BCR are not properly implemented or scoped, your EU data rights may not travel with your data to countries with weaker privacy laws.
ADP deleted the cookie preference management tool that previously allowed users to understand and control which cookies were placed on their devices, including functional, analytics, and advertising …
ADP processes highly sensitive personal data including payroll figures, health information, biometric data, and financial account details on behalf of employers, meaning employees have limited direct recourse against ADP for many data practices. For employees whose employers use ADP, the policy redirects most individual rights requests such as access, correction, or deletion to the employer rather than ADP, which can create practical barriers to exercising data rights. You can submit a privacy rights request directly to ADP via their online privacy rights request form at https://privacyportal.onetrust.com/webform/2dc52d43-8f58-4766-83c3-f0a08b09e2ba/draft/7fc0c4dc-1ac1-4f77-a756-ad89c97b67e8 if you believe ADP is acting as the data controller for your information.
How other platforms handle this
You will provide personal information directly to our website in the United States. We may also transfer personal information to our partners and service providers in the United States and other jurisdictions. Please note that such jurisdictions may not provide the same protections as the data prote...
Notion is based in the United States and the information we collect is governed by U.S. law. If you are accessing our Services from outside of the United States, please be aware that information collected through the Services may be transferred to, processed, stored, and used in the United States an...
Your personal information may be transferred to and processed in countries other than your country of residence, including Canada and the United States, where our servers are located and our central database is operated. These countries may have data protection laws that are different from those in ...
Monitoring
ADP has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"ADP has adopted Binding Corporate Rules (BCR) for processing Client employee data and business contact data and has implemented BCR for processing personal data of ADP Associates. These BCR provide equivalent protection for personal data transferred within the ADP group across borders, including transfers from the European Economic Area to countries that may not provide an equivalent level of data protection.— Excerpt from ADP's ADP Privacy Statement
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Cross-border data transfers without adequate safeguards are one of the most heavily enforced areas of EU privacy law; if ADP's BCR are not properly implemented or scoped, your EU data rights may not travel with your data to countries with weaker privacy laws.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by ADP.