Cookie and Tracking Technology Use

What it is

ADP uses cookies and other tracking tools on its websites to monitor how you use the site, remember your preferences, and show you targeted advertisements. Some of these tracking files remain on your device after you leave the site.

Why it matters (compliance & governance perspective)

Persistent tracking technologies can build a profile of your online behavior over time, and this data may be shared with advertising partners. You can manage these preferences through ADP's cookie settings.

This document changed recently

Consumer impact (what this means for users)

Visitors to ADP's websites may have their browsing behavior tracked by persistent cookies and advertising pixels that share data with third-party marketing platforms, which could affect the advertising they see across the internet.

What you can do

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Cookie and tracking practices engage the EU's ePrivacy Directive (Cookie Law) in conjunction with GDPR consent requirements for non-essential cookies. The relevant EU enforcement authorities are national DPAs. In the US, the FTC has authority over deceptive tracking practices under Section 5 of the FTC Act. California's CPRA treats certain cookie-based data sharing as 'sharing' for cross-context behavioral advertising, triggering opt-out rights. GOVERNANCE EXPOSURE: Medium. ADP's website serves both consumers and business customers across jurisdictions with varying cookie consent requirements. The use of advertising pixels from Facebook, Google, LinkedIn, Twitter, and Reddit (visible in the page source) alongside a OneTrust consent management platform indicates a structured consent approach, but the adequacy of consent collection varies by jurisdiction. The policy's reference to 'personalized advertisements' may constitute 'sharing' under California CPRA. JURISDICTION FLAGS: EU and UK require prior opt-in consent for non-essential cookies under the ePrivacy framework. California requires an opt-out mechanism for data sharing through cookies used for cross-context behavioral advertising. Canada's PIPEDA and Quebec's Law 25 create additional consent requirements for tracking technologies. CONTRACT AND VENDOR IMPLICATIONS: B2B clients whose employees access ADP platforms should be aware that ADP's cookie practices on its public website may differ from practices within authenticated client environments. Procurement teams should clarify whether tracking technologies operate within ADP's HR platform products and under what terms. COMPLIANCE CONSIDERATIONS: Legal teams should audit whether ADP's OneTrust consent management platform configuration meets jurisdiction-specific requirements, particularly for EU opt-in and California opt-out obligations. Cookie policy reviews should confirm that all third-party pixel vendors identified in the page source are disclosed in the cookie policy and that data processor agreements are in place with each.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Controller vs Processor Dual Role high
• Sensitive Personal Data Processing high
• Cross-Border Data Transfers via Binding Corporate Rules medium
• California Consumer Privacy Act Rights medium
• Data Retention medium
• Third-Party Data Sharing medium

Related Analysis

• Netflix Updated Terms Authorize Voice Data Collection: April 2026

  Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.

• What Google Actually Knows About You

  Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.