ADP shares your personal data with its related companies, business clients, outside vendors, government agencies when required, and with any company that acquires ADP or its business units.
This analysis describes what ADP's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your personal data including payroll figures and health information may be shared with a broad range of entities, and in the event of a merger or acquisition, it could transfer to a new owner whose privacy practices may differ.
ADP deleted the cookie preference management tool that previously allowed users to understand and control which cookies were placed on their devices, including functional, analytics, and advertising …
ADP's data sharing extends to subsidiaries, employer-clients, third-party service providers, and potential acquirers, meaning sensitive employment and financial data may be accessed by a wide network of entities with varying privacy standards.
How other platforms handle this
We may share your information with third-party advertising partners to provide you with targeted advertising. We also work with third-party analytics providers who help us understand how users interact with our Services. These third parties may use cookies, web beacons, and similar tracking technolo...
We process personal data you provide to Oura to enable third party integrations, services, features, and offerings. For example, with your permission, our Services may integrate with third-party services like Google Health Connect and Apple HealthKit, or those of our partners. Oura takes measures to...
We may share your personal data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal data with advertising partners to display relevant advertising to y...
Monitoring
ADP has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share your personal data with: ADP subsidiaries and affiliates; our Clients, for whom we process personal data; third-party service providers who perform services on our behalf; business partners, to the extent you have engaged with their products or services; governmental authorities when required by law or to protect ADP's rights; and successors or assigns in connection with a business transaction such as a merger, acquisition, or sale of assets.— Excerpt from ADP's ADP Privacy Statement
REGULATORY LANDSCAPE: Third-party data sharing engages GDPR Article 13 disclosure requirements, which require that data subjects be informed of recipients or categories of recipients at the time of collection. The authorization for sharing with business acquirers may constitute a new processing purpose requiring legal basis under GDPR. The FTC Act applies to deceptive or unfair sharing practices in the US. CCPA requires disclosure of categories of third parties with whom data is shared and imposes opt-out rights for sharing constituting sale. GOVERNANCE EXPOSURE: Medium. The scope of sharing described is broad but not atypical for a multinational B2B services provider. The merger and acquisition sharing provision is standard but may create a new processing purpose under GDPR requiring notification to data subjects if their data transfers to a materially different controller. Sub-processor sharing creates additional governance obligations under GDPR Article 28. JURISDICTION FLAGS: EU and UK require specific disclosure of third-party recipients or categories. California requires disclosure of categories of third parties and an opt-out mechanism for sharing that constitutes selling or cross-context behavioral advertising. Any sharing with entities in countries without adequate data protection requires a transfer mechanism. CONTRACT AND VENDOR IMPLICATIONS: Employer-clients should audit their DPA with ADP to confirm that sub-processor sharing is governed by appropriate contractual terms and that ADP provides advance notice of new sub-processors as required. M&A scenarios may require contract amendments or notifications to employees whose data transfers. COMPLIANCE CONSIDERATIONS: Data mapping exercises should trace all third-party sharing flows and confirm legal bases for each. Legal teams should assess whether any sharing arrangements constitute 'sale' under applicable state law. Employee notification obligations in M&A scenarios should be assessed in advance as part of transaction planning.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your personal data including payroll figures and health information may be shared with a broad range of entities, and in the event of a merger or acquisition, it could transfer to a new owner whose privacy practices may differ.
ADP's data sharing extends to subsidiaries, employer-clients, third-party service providers, and potential acquirers, meaning sensitive employment and financial data may be accessed by a wide network of entities with varying privacy standards.
ConductAtlas has identified this type of provision across 24 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by ADP.