Gemini claims that because it is regulated as a financial institution under federal law, it does not have to comply with many state privacy laws that would otherwise give you rights like data deletion or opt-out of data sharing.
This analysis describes what Gemini's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This claim directly limits which privacy rights you can exercise as a US consumer, potentially removing protections you might expect under state laws like CCPA.
Interpretive note: The scope of GLBA preemption over specific state privacy laws is not fully settled and varies by state and the nature of the data processing activity involved.
If you are a US user, you may not be able to request deletion of your account data or opt out of certain data sharing practices under state privacy laws, because Gemini asserts federal GLBA preemption. The practical scope of this exemption varies by state and is not fully defined in this policy.
How other platforms handle this
Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...
Depending on where you live, you may have certain rights regarding your personal information. These rights may include the right to know what personal information we have collected about you, the right to delete your personal information, the right to correct inaccurate personal information, the rig...
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
Monitoring
Gemini has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"As a financial institution under the Gramm-Leach-Bliley Act ("GLBA"), Gemini's privacy practices are subject to federal law and therefore are exempt from many state privacy laws. For those states with laws that do apply to Gemini's practices, please see our state-focused privacy disclosures about when we may process your personal data and your corresponding rights, in our [jurisdiction-specific disclosures].— Excerpt from Gemini's Gemini Privacy Policy
(1) REGULATORY LANDSCAPE: This provision directly implicates the GLBA Privacy Rule (15 U.S.C. 6801 et seq.) and its Safeguards Rule, enforced by the FTC. The assertion of GLBA preemption over state privacy laws engages CCPA/CPRA, and potentially Virginia CDPA, Colorado CPA, and other comprehensive state privacy statutes that include financial institution exemptions of varying scope. Not all state privacy laws are fully preempted by GLBA; the extent of preemption depends on whether the state law is inconsistent with GLBA or provides greater protection, creating a nuanced compliance landscape. (2) GOVERNANCE EXPOSURE: High. The blanket assertion that Gemini is exempt from 'many state privacy laws' is operationally significant but underspecified. Compliance teams must map which state laws are actually preempted and which are not, as enforcement authorities in states like California retain the ability to challenge overly broad preemption claims, particularly for data processing activities that extend beyond traditional financial services (such as marketing analytics). (3) JURISDICTION FLAGS: California presents the highest exposure given CPRA's financial institution carve-out language and the CPPA's active enforcement posture. Colorado, Virginia, Connecticut, and Texas also have comprehensive privacy laws with financial institution exemptions that may not fully align with Gemini's GLBA preemption assertion. EU and UK users are directed to a separate notice and are not subject to this provision. (4) CONTRACT AND VENDOR IMPLICATIONS: B2B partners and institutional clients relying on Gemini's data practices should independently verify the scope of GLBA preemption for their own compliance obligations. If Gemini shares user data with non-affiliated third parties for marketing, GLBA's opt-out requirement for such sharing may be separately applicable regardless of state law preemption claims. (5) COMPLIANCE CONSIDERATIONS: Legal teams should conduct a state-by-state analysis of which privacy laws are actually preempted by GLBA as applied to Gemini's specific data processing activities, including advertising and analytics functions. The policy's delegation of state-specific rights to a separate disclosure document should be reviewed to ensure it adequately satisfies any applicable notice requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This claim directly limits which privacy rights you can exercise as a US consumer, potentially removing protections you might expect under state laws like CCPA.
If you are a US user, you may not be able to request deletion of your account data or opt out of certain data sharing practices under state privacy laws, because Gemini asserts federal GLBA preemption. The practical scope of this exemption varies by state and is not fully defined in this policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Gemini.