The policy authorizes sharing of personal data with third-party vendors providing hosting, analytics, and advertising services, subject to contractual data protection obligations imposed on those vendors.
This analysis describes what ADP's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision permits disclosure of personal data collected through ADP's website and marketing channels to advertising and analytics third parties, which is operationally relevant for CCPA opt-out rights and GDPR consent or legitimate interests assessments for website visitor data.
Interpretive note: The precise list of named advertising and analytics vendors and whether the sharing meets the CPRA definition of 'sharing for cross-context behavioral advertising' requires review of the California supplement and the current sub-processor or vendor list, which are not fully reproduced in the document text provided.
ADP deleted the cookie preference management tool that previously allowed users to understand and control which cookies were placed on their devices, including functional, analytics, and advertising cookies. The removal eliminates the transparency mechanism through which users could consent to or opt out of different cookie categories. The practical effect depends on whether ADP has replaced this functionality elsewhere or whether cookies continue to be placed without equivalent granular user control.
View change record →Under this clause, personal data collected from website visitors and business contacts may be shared with advertising and analytics vendors; the policy's technical infrastructure as observed includes third-party tracking scripts from Google, LinkedIn, Facebook, Twitter, Reddit, and other advertising platforms, which may constitute data sharing or selling under applicable state privacy laws.
How other platforms handle this
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your personal information with busines...
We permit third-party service providers to collect your information, as described here, through some of our services and we share your information with third-party service providers for business purposes as described in this policy, including but not limited to providing advertising on our services ...
Monitoring
ADP has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with third-party service providers that perform services on our behalf, such as website hosting, data analysis, advertising, and other services.— Excerpt from ADP's ADP Privacy Statement
1) REGULATORY LANDSCAPE: This provision engages CCPA and CPRA (California Consumer Privacy Act and California Privacy Rights Act), which regulate the sale and sharing of personal data with third parties for cross-context behavioral advertising. The FTC Act section 5 prohibition on unfair or deceptive practices also applies if the scope of third-party sharing is not accurately disclosed. GDPR Article 6 legitimate interests or consent requirements apply to EU website visitors subject to tracking by advertising vendors. 2) GOVERNANCE EXPOSURE: Medium. The combination of broad third-party sharing authorization and the observable presence of advertising tracking scripts from multiple platforms creates CCPA compliance exposure, particularly regarding whether the sharing of personal data with advertising platforms constitutes a 'sale' or 'sharing' under CPRA, which would trigger opt-out rights. ADP's California supplement should be reviewed to confirm whether a 'Do Not Sell or Share My Personal Information' opt-out is offered. 3) JURISDICTION FLAGS: California residents have the most immediate exposure given CPRA's definition of 'sharing' for cross-context behavioral advertising purposes. EU and UK users are subject to GDPR and ePrivacy Directive consent requirements for advertising cookies, which ADP addresses through its cookie consent banner. States with comprehensive privacy laws enacted after CCPA (Virginia, Colorado, Connecticut, Texas, others) may similarly require opt-out mechanisms for targeted advertising. 4) CONTRACT AND VENDOR IMPLICATIONS: Organizations that are ADP clients and whose employees interact with ADP's online platforms should assess whether ADP's advertising data sharing practices are disclosed in their own employee privacy notices. Procurement teams reviewing ADP as a vendor should request a current list of advertising and analytics sub-processors and confirm whether data processing agreements with those sub-processors are in place. 5) COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether the California CCPA supplement provided by ADP offers a compliant opt-out mechanism for data sharing with advertising platforms. Consent management platform configurations should be audited to confirm that advertising cookies are not loaded prior to affirmative consent from EU users. Records of Processing Activities should reflect advertising data flows to named third-party platforms.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision permits disclosure of personal data collected through ADP's website and marketing channels to advertising and analytics third parties, which is operationally relevant for CCPA opt-out rights and GDPR consent or legitimate interests assessments for website visitor data.
Under this clause, personal data collected from website visitors and business contacts may be shared with advertising and analytics vendors; the policy's technical infrastructure as observed includes third-party tracking scripts from Google, LinkedIn, Facebook, Twitter, Reddit, and other advertising platforms, which may constitute data sharing or selling under applicable state privacy laws.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by ADP.