Third-Party Advertising and Analytics Data Sharing

What it is

Fiverr shares your data with advertising and analytics companies, and those companies may use it to show you targeted ads both on Fiverr and on other websites you visit.

Why it matters (compliance & governance perspective)

This provision means your Fiverr activity can follow you across the internet in the form of targeted advertising, which many users would not expect from a professional services marketplace.

Consumer impact (what this means for users)

Your usage patterns on Fiverr, including what services you browse, may be shared with advertising partners who can use that data to target you with ads on other websites and apps.

What you can do

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: This provision directly engages GDPR and the ePrivacy Directive for EU/EEA users, requiring explicit, freely given consent for behavioral advertising cookies and tracking technologies; the current regulatory posture from EU supervisory authorities, including the EDPB, treats pre-ticked consent and consent bundled with service access as invalid. CCPA/CPRA treats the sharing of personal information with advertising partners for cross-context behavioral advertising as a 'sale' or 'share' triggering opt-out rights under the statute. The FTC has also scrutinized behavioral advertising data flows under its unfair practices authority. (2) GOVERNANCE EXPOSURE: High. Behavioral advertising data sharing with third parties is one of the highest-scrutiny areas in global privacy enforcement. The provision's broad framing, covering interest-based advertising on third-party websites, means that user data may flow to entities outside Fiverr's direct control. The adequacy of consent mechanisms and the existence of data processing agreements with each advertising partner are critical compliance variables. (3) JURISDICTION FLAGS: EU/EEA users have the right to withdraw consent for behavioral advertising at any time under GDPR, and supervisory authorities in Ireland, France (CNIL), and Germany have been active in enforcing cookie consent requirements. California users have an explicit CPRA right to opt out of sharing for cross-context behavioral advertising, which must be honored within 15 business days of a request. UK users retain equivalent rights under UK GDPR. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement and legal teams should obtain a current list of advertising and analytics sub-processors, confirm that data processing agreements are in place for each, and assess whether any transfers to US-based advertising technology vendors rely on Standard Contractual Clauses or other valid GDPR transfer mechanisms post-Schrems II. (5) COMPLIANCE CONSIDERATIONS: The consent banner and preference center implementation should be audited to ensure that behavioral advertising cookies are not set before affirmative consent is obtained from EU/EEA users, and that the opt-out mechanism for California users is prominently displayed and functional. Records of consent should be maintained and demonstrable.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Personal Data Collection Scope medium
• International Data Transfers medium
• Data Subject Rights (EU, UK, and California) medium
• Cookies and Tracking Technologies medium
• Business Transfer Clause low
• Data Retention medium

Related Analysis

• Meta Removed 438 Sentences From Its Privacy Policy. Here Is What Disappeared.

  ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.

• 23andMe Is Bankrupt. What Happens to Your DNA Now?

  Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.