Gemini claims that because it is regulated as a financial institution under federal law, it does not have to comply with many state privacy laws that would otherwise give you rights like data deletion or opt-out of data sharing.
This analysis describes what Gemini's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This claim directly limits which privacy rights you can exercise as a US consumer, potentially removing protections you might expect under state laws like CCPA.
Interpretive note: The scope of GLBA preemption over specific state privacy laws is not fully settled and varies by state and the nature of the data processing activity involved.
If you are a US user, you may not be able to request deletion of your account data or opt out of certain data sharing practices under state privacy laws, because Gemini asserts federal GLBA preemption. The practical scope of this exemption varies by state and is not fully defined in this policy.
How other platforms handle this
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
enableGpcSdk: true, gpcSetting: { privacyPolicyLink: '/Privacy-Security-Policy-a-282.html' }
We process Global Privacy Control signals as opt-out requests for the sale or sharing of personal information.
Monitoring
Gemini has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"As a financial institution under the Gramm-Leach-Bliley Act ("GLBA"), Gemini's privacy practices are subject to federal law and therefore are exempt from many state privacy laws. For those states with laws that do apply to Gemini's practices, please see our state-focused privacy disclosures about when we may process your personal data and your corresponding rights, in our [jurisdiction-specific disclosures].— Excerpt from Gemini's Gemini Privacy Policy
(1) REGULATORY LANDSCAPE: This provision directly implicates the GLBA Privacy Rule (15 U.S.C. 6801 et seq.) and its Safeguards Rule, enforced by the FTC. The assertion of GLBA preemption over state privacy laws engages CCPA/CPRA, and potentially Virginia CDPA, Colorado CPA, and other comprehensive state privacy statutes that include financial institution exemptions of varying scope. Not all state privacy laws are fully preempted by GLBA; the extent of preemption depends on whether the state law is inconsistent with GLBA or provides greater protection, creating a nuanced compliance landscape. (2) GOVERNANCE EXPOSURE: High. The blanket assertion that Gemini is exempt from 'many state privacy laws' is operationally significant but underspecified. Compliance teams must map which state laws are actually preempted and which are not, as enforcement authorities in states like California retain the ability to challenge overly broad preemption claims, particularly for data processing activities that extend beyond traditional financial services (such as marketing analytics). (3) JURISDICTION FLAGS: California presents the highest exposure given CPRA's financial institution carve-out language and the CPPA's active enforcement posture. Colorado, Virginia, Connecticut, and Texas also have comprehensive privacy laws with financial institution exemptions that may not fully align with Gemini's GLBA preemption assertion. EU and UK users are directed to a separate notice and are not subject to this provision. (4) CONTRACT AND VENDOR IMPLICATIONS: B2B partners and institutional clients relying on Gemini's data practices should independently verify the scope of GLBA preemption for their own compliance obligations. If Gemini shares user data with non-affiliated third parties for marketing, GLBA's opt-out requirement for such sharing may be separately applicable regardless of state law preemption claims. (5) COMPLIANCE CONSIDERATIONS: Legal teams should conduct a state-by-state analysis of which privacy laws are actually preempted by GLBA as applied to Gemini's specific data processing activities, including advertising and analytics functions. The policy's delegation of state-specific rights to a separate disclosure document should be reviewed to ensure it adequately satisfies any applicable notice requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This claim directly limits which privacy rights you can exercise as a US consumer, potentially removing protections you might expect under state laws like CCPA.
If you are a US user, you may not be able to request deletion of your account data or opt out of certain data sharing practices under state privacy laws, because Gemini asserts federal GLBA preemption. The practical scope of this exemption varies by state and is not fully defined in this policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Gemini.