DraftKings can take your personal information, convert it into anonymized or aggregate data, and then use or sell that data for any purpose with no restrictions.
This analysis describes what DraftKings's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The right to use de-identified data derived from personal information 'for any purpose' and share it with third parties 'for any reason' is broad, and the practical privacy protections depend on the robustness of the de-identification process, which is not described in detail.
Data derived from your personal information, once de-identified or aggregated, can be used and disclosed by DraftKings for any commercial purpose including sale to third parties. The protections associated with de-identified data depend on the technical standards applied during de-identification, which the notice does not specify.
How other platforms handle this
We may de-identify, anonymize, or aggregate information we collect so the information cannot reasonably identify you or your device, or we may collect information that is already in de-identified form. For example, we may disclose performance benchmark data and other aggregated, anonymized, or de-id...
We may use and share de-identified or aggregated information for any purpose, including research and analytics. We maintain and use de-identified data without attempting to re-identify it.
Mixpanel may use aggregated or de-identified data derived from customer event data for its own purposes, including improving its services, developing new features, and generating analytics insights, provided that such data cannot reasonably be used to identify individual users.
Monitoring
DraftKings has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may create aggregated, anonymized, or de-identified data (i.e., data that is not reasonably capable of being associated with or linked to you) from personal information we collect from or about you. We use such data to analyze request and usage patterns so that we may develop, improve, optimize, and/or enhance our Services and improve our consumers' experience with and ability to navigate our Website and Applications. We reserve the right to use aggregated, anonymized or de-identified data for any purpose and to disclose it to third parties for any reason.— Excerpt from DraftKings's DraftKings Privacy Policy
REGULATORY LANDSCAPE: CCPA/CPRA and other state privacy laws include definitions of 'deidentified data' that, if satisfied, remove the data from the scope of consumer rights obligations. However, these frameworks also require that companies maintain technical and organizational safeguards to prevent re-identification and bind recipients by contract to the same restrictions. The FTC has issued guidance on the risks of re-identification from purportedly anonymized datasets. CPRA specifically requires that recipients of de-identified data be contractually prohibited from re-identifying it. GOVERNANCE EXPOSURE: Medium. The provision asserts broad rights over de-identified data but does not describe the de-identification methodology, technical safeguards, or contractual obligations imposed on third-party recipients. The absence of these details creates uncertainty about whether the de-identification meets the standards required by CCPA/CPRA and other applicable laws. JURISDICTION FLAGS: California CPRA requires specific de-identification standards and contractual protections for recipients of de-identified data. Colorado CPA, Virginia CDPA, and Connecticut CTDPA have similar requirements. The EU/EEA GDPR applies a higher standard for what constitutes truly anonymized data, and data that does not meet that standard remains subject to GDPR protections regardless of how it is characterized. CONTRACT AND VENDOR IMPLICATIONS: Third-party recipients of de-identified data should be assessed to confirm contractual prohibitions on re-identification are in place as required by applicable state privacy laws. If de-identified data is sold or licensed commercially, this activity should be assessed against the scope of any data sale restrictions or opt-out mechanisms offered to users. COMPLIANCE CONSIDERATIONS: Compliance teams should document the technical de-identification methodology used to ensure it meets applicable state and federal standards. Contracts with third-party recipients of de-identified data should be audited for re-identification prohibitions. The notice should be reviewed to assess whether additional disclosure about de-identification practices is required under applicable laws.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The right to use de-identified data derived from personal information 'for any purpose' and share it with third parties 'for any reason' is broad, and the practical privacy protections depend on the robustness of the de-identification process, which is not described in detail.
Data derived from your personal information, once de-identified or aggregated, can be used and disclosed by DraftKings for any commercial purpose including sale to third parties. The protections associated with de-identified data depend on the technical standards applied during de-identification, which the notice does not specify.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by DraftKings.