FanDuel and its advertising partners track your online activity across websites and apps, including using your email address in hashed form as a tracking identifier, to deliver targeted ads to you on other platforms.
This analysis describes what FanDuel's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Cross-device and cross-site advertising tracking using hashed email addresses means your FanDuel activity can follow you across the internet even if you do not use cookies, making it difficult to fully limit tracking through standard browser controls alone.
The updated privacy policy no longer explicitly covers the FanDuel Fantasy Picks platform (www.fanduel.com/picks) and its mobile app. Previously, the policy stated it applied to the DFS Site, Skill G…
Your browsing behavior, device identifiers, location data, and hashed email address may be used to target you with ads across unrelated websites and apps, and FanDuel may use these same mechanisms to advertise on behalf of third-party companies, not just itself.
How other platforms handle this
American gets this information by using technologies, including cookies, web beacons, and mobile device geolocation to provide and improve our Interactive Services and advertising, including across browsers and devices (also known as cross-device linking). This technical information may be combined ...
We use Google Analytics, Google Tag Manager, LinkedIn Insight Tag, and other third-party analytics and advertising tools to collect information about how visitors use our website. This may include information about your device, browser, IP address, and pages visited.
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store Personal Information, including your browser type, operating system version, domains, IP address, the URL of the page that referred you, referring/exit pages and information about your interactions ...
Monitoring
FanDuel has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We work with a number of companies that assist in marketing our services to you on third party websites. These companies may collect information about online activities conducted on a particular computer, browser or device over time and across third-party websites or online services for the purpose of delivering advertising that is likely to be of greater interest to you. Just as these technologies may be used to target ads on our websites and apps, we, or our advertising partners, may use these same technologies and data points (e.g., mobile identifiers, cookie identifiers, location-based data), through our Services or through other services, to target advertising (for ourselves or other companies) on other sites or mobile apps. Sometimes, these identifiers may be derived from a hashed or encrypted version of personal information such as your email address.— Excerpt from FanDuel's FanDuel Privacy Policy
(1) REGULATORY LANDSCAPE: Cross-device tracking and the use of hashed email addresses as persistent identifiers implicates CCPA and CPRA definitions of personal information and sensitive data sharing. The FTC has scrutinized cross-device tracking practices and issued guidance on consumer notice requirements. The use of email-derived identifiers for targeted advertising may engage the CAN-SPAM Act and applicable state marketing laws. EU and UK users, if any, would be subject to GDPR and ePrivacy Directive requirements for consent-based tracking. (2) GOVERNANCE EXPOSURE: Medium. The use of hashed email addresses as persistent tracking identifiers across platforms is a technically sophisticated practice that consumers are unlikely to anticipate from standard cookie consent disclosures. The policy discloses multiple opt-out pathways but does not guarantee that all advertising partners honor opt-outs, and the opt-outs are browser and device-specific. (3) JURISDICTION FLAGS: California creates the highest exposure for this practice given CPRA's treatment of sharing personal information for cross-context behavioral advertising as a regulated activity requiring opt-out. Colorado and Connecticut have similar requirements. Illinois BIPA may be relevant if biometric-adjacent identifiers are derived from facial recognition in profile photos, though the policy does not assert this. (4) CONTRACT AND VENDOR IMPLICATIONS: The advertising partner ecosystem is not enumerated in the policy, making it difficult for compliance teams to assess the full scope of third-party tracking. Contracts with advertising partners should specify permissible use of user data, including hashed identifiers, and should require partners to honor opt-out signals. (5) COMPLIANCE CONSIDERATIONS: Legal teams should confirm that advertising partner contracts require compliance with applicable privacy opt-out signals including GPC. The use of hashed email addresses as tracking identifiers should be documented in data flow maps and assessed against state law definitions of personal information sale and sharing.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Cross-device and cross-site advertising tracking using hashed email addresses means your FanDuel activity can follow you across the internet even if you do not use cookies, making it difficult to fully limit tracking through standard browser controls alone.
Your browsing behavior, device identifiers, location data, and hashed email address may be used to target you with ads across unrelated websites and apps, and FanDuel may use these same mechanisms to advertise on behalf of third-party companies, not just itself.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by FanDuel.