By using DraftKings, you authorize your bank, phone carrier, ISP, and even government agencies to share your personal information with DraftKings and its vendors for identity verification and fraud prevention purposes.
This analysis describes what DraftKings's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause is operationally significant because it attempts to use acceptance of the privacy notice as a blanket authorization for financial institutions and government organizations to disclose user data to DraftKings. The actual enforceability of this authorization against financial institutions may be constrained by GLBA, applicable state financial privacy laws, and the independent consent frameworks those institutions operate under.
Interpretive note: The enforceability of this authorization against financial institutions and government entities is uncertain and likely depends on each institution's independent regulatory obligations under GLBA and other applicable frameworks.
Accepting DraftKings' privacy notice is framed as granting permission for your financial institution, mobile carrier, and government sources to share your financial and identity data with DraftKings, which may go beyond what users expect from a gaming platform's privacy acceptance. Whether this authorization is legally sufficient to compel disclosure from those third parties depends on each institution's own regulatory obligations.
Cross-platform context
See how other platforms handle Authorization for Third-Party Disclosure of Financial and Government Data and similar clauses.
Compare across platforms →Monitoring
DraftKings has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"By accepting this privacy notice and using our Services, you authorize third parties, which may include your mobile operator(s), internet service provider(s), financial institution(s), as well as government organizations and other authoritative data sources, to disclose to us and our service providers and other vendors your personal information for the purposes of validating your identity and detecting and preventing fraud. This information may include, but is not limited to, your credit record number, IP address, device identifier, browser type, operating system, location, and data regarding your interaction with an Internet website or application.— Excerpt from DraftKings's DraftKings Privacy Policy
REGULATORY LANDSCAPE: This provision engages the Gramm-Leach-Bliley Act (GLBA), which governs financial institutions' disclosure of nonpublic personal information and generally requires those institutions to provide their own privacy notices and opt-out rights. The provision's attempt to authorize disclosure from financial institutions via a gaming platform's privacy notice may not satisfy GLBA's independent consent requirements. The FTC and federal banking regulators (OCC, FDIC, CFPB) have authority over financial institution data sharing practices. Government data disclosure may engage the Privacy Act of 1974 if federal agency records are involved. GOVERNANCE EXPOSURE: Medium. The clause asserts a broad authorization, but its practical enforceability depends on whether the referenced third parties (financial institutions, government entities) are independently obligated to comply with this authorization or are constrained by their own regulatory frameworks. The inclusion of 'government organizations' as potential data disclosers is unusual and warrants specific legal review given applicable public records and privacy laws. JURISDICTION FLAGS: California's CCPA/CPRA, GLBA, and state financial privacy laws create layered obligations that may not be satisfied by a blanket acceptance-of-notice authorization. The EU/EEA GDPR would not recognize this consent mechanism as valid for data sharing from regulated financial entities. Canadian PIPEDA similarly requires meaningful consent that may not be met by this approach. CONTRACT AND VENDOR IMPLICATIONS: The extension of this authorization to DraftKings' 'service providers and other vendors' means the authorized disclosure flows beyond DraftKings itself. Legal teams should assess whether downstream vendor access to financial institution or government-sourced data is appropriately governed by data processing agreements and is disclosed in a manner satisfying applicable state privacy laws. COMPLIANCE CONSIDERATIONS: This provision warrants specific legal review to assess whether it creates enforceable authorization against financial institutions and government entities, or whether its practical effect is limited to DraftKings' own processing activities. Compliance teams should evaluate whether users are given adequate notice that this authorization is embedded within privacy notice acceptance, and whether a more explicit consent mechanism is required for financial data access under applicable state laws.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause is operationally significant because it attempts to use acceptance of the privacy notice as a blanket authorization for financial institutions and government organizations to disclose user data to DraftKings. The actual enforceability of this authorization against financial institutions may be constrained by GLBA, applicable state financial privacy laws, and the independent consent frameworks those institutions operate under.
Accepting DraftKings' privacy notice is framed as granting permission for your financial institution, mobile carrier, and government sources to share your financial and identity data with DraftKings, which may go beyond what users expect from a gaming platform's privacy acceptance. Whether this authorization is legally sufficient to compel disclosure from those third parties depends on each institution's own regulatory obligations.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by DraftKings.