FanDuel and its advertising partners track your online activity across websites and apps, including using your email address in hashed form as a tracking identifier, to deliver targeted ads to you on other platforms.
This analysis describes what FanDuel's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Cross-device and cross-site advertising tracking using hashed email addresses means your FanDuel activity can follow you across the internet even if you do not use cookies, making it difficult to fully limit tracking through standard browser controls alone.
The updated privacy policy no longer explicitly covers the FanDuel Fantasy Picks platform (www.fanduel.com/picks) and its mobile app. Previously, the policy stated it applied to the DFS Site, Skill Games Site, and Picks Site together. Now only the DFS Site and Skill Games Site are listed in the policy scope. This creates ambiguity about what privacy rules, data collection practices, retention periods, and user rights apply to your Fantasy Picks account. You should review FanDuel's website to determine whether a separate privacy policy governs Fantasy Picks data, or contact FanDuel directly to clarify what privacy terms apply to that service.
View change record →Your browsing behavior, device identifiers, location data, and hashed email address may be used to target you with ads across unrelated websites and apps, and FanDuel may use these same mechanisms to advertise on behalf of third-party companies, not just itself.
How other platforms handle this
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
src="https://trc.taboola.com/1142432/trc/3/json" ... src="https://www.googletagmanager.com/gtag/js?id=DC-15299257" ... src="https://tr.snapchat.com/config/com/af90c7f8-bd28-4988-b1ce-1711aad792f4.js" ... src="https://tr.snapchat.com/config/com/8fbe1595-8c5a-46b1-bbb2-66f3d57debde.js" ... src="https:...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
FanDuel has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We work with a number of companies that assist in marketing our services to you on third party websites. These companies may collect information about online activities conducted on a particular computer, browser or device over time and across third-party websites or online services for the purpose of delivering advertising that is likely to be of greater interest to you. Just as these technologies may be used to target ads on our websites and apps, we, or our advertising partners, may use these same technologies and data points (e.g., mobile identifiers, cookie identifiers, location-based data), through our Services or through other services, to target advertising (for ourselves or other companies) on other sites or mobile apps. Sometimes, these identifiers may be derived from a hashed or encrypted version of personal information such as your email address.— Excerpt from FanDuel's FanDuel Privacy Policy
(1) REGULATORY LANDSCAPE: Cross-device tracking and the use of hashed email addresses as persistent identifiers implicates CCPA and CPRA definitions of personal information and sensitive data sharing. The FTC has scrutinized cross-device tracking practices and issued guidance on consumer notice requirements. The use of email-derived identifiers for targeted advertising may engage the CAN-SPAM Act and applicable state marketing laws. EU and UK users, if any, would be subject to GDPR and ePrivacy Directive requirements for consent-based tracking. (2) GOVERNANCE EXPOSURE: Medium. The use of hashed email addresses as persistent tracking identifiers across platforms is a technically sophisticated practice that consumers are unlikely to anticipate from standard cookie consent disclosures. The policy discloses multiple opt-out pathways but does not guarantee that all advertising partners honor opt-outs, and the opt-outs are browser and device-specific. (3) JURISDICTION FLAGS: California creates the highest exposure for this practice given CPRA's treatment of sharing personal information for cross-context behavioral advertising as a regulated activity requiring opt-out. Colorado and Connecticut have similar requirements. Illinois BIPA may be relevant if biometric-adjacent identifiers are derived from facial recognition in profile photos, though the policy does not assert this. (4) CONTRACT AND VENDOR IMPLICATIONS: The advertising partner ecosystem is not enumerated in the policy, making it difficult for compliance teams to assess the full scope of third-party tracking. Contracts with advertising partners should specify permissible use of user data, including hashed identifiers, and should require partners to honor opt-out signals. (5) COMPLIANCE CONSIDERATIONS: Legal teams should confirm that advertising partner contracts require compliance with applicable privacy opt-out signals including GPC. The use of hashed email addresses as tracking identifiers should be documented in data flow maps and assessed against state law definitions of personal information sale and sharing.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Cross-device and cross-site advertising tracking using hashed email addresses means your FanDuel activity can follow you across the internet even if you do not use cookies, making it difficult to fully limit tracking through standard browser controls alone.
Your browsing behavior, device identifiers, location data, and hashed email address may be used to target you with ads across unrelated websites and apps, and FanDuel may use these same mechanisms to advertise on behalf of third-party companies, not just itself.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by FanDuel.