Glassdoor collects highly sensitive personal details including your race, sexual orientation, disability status, and religion as part of its standard data collection practices.
This analysis describes what Glassdoor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This is among the most sensitive category of personal data under both GDPR and US state privacy laws, and its collection on a professional networking and job platform creates meaningful risk if data is misused or inadvertently disclosed to employers.
The updated policy grants EU, UK, and Swiss residents explicit rights to request access to their personal data held by Glassdoor in the United States, and to correct, amend, or delete that data. Glassdoor commits to responding to deletion requests within a reasonable timeframe and to obtaining explicit consent before sharing sensitive data with third parties or using data for purposes beyond the original collection. You can exercise these rights by following the instructions in the 'Controlling Your Personal Data' section of the policy.
View change record →The updated privacy policy removes explicit language granting users the right to correct, amend, or delete personal information held by Glassdoor. It also eliminates the documented right to opt-out before data is shared with third parties or used for purposes beyond the original collection. Previously, users could request limits on data use and disclosure; this right is no longer stated in the policy. Instead, the updated terms establish binding arbitration as the mechanism for resolving privacy complaints. Under the revised policy, users who have unresolved privacy concerns may invoke binding arbitration through TrustArc, but they no longer have contractually documented access to data correction, deletion, opt-out, or use-limitation mechanisms.
View change record →The collection of sensitive attributes including race/ethnicity, sexual orientation, disability, and religion means that users who provide this information face heightened privacy risk, particularly given that Glassdoor also shares data with employers and advertising partners.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Glassdoor has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Race/ethnicity, sexual orientation, disability, leading personality trait (e.g., introvert/extrovert), religion, marital status, parental status, veteran status. Special Category Data / Sensitive Personal Information. Characteristics of protected classifications under state or federal law. Health Data (disability status).— Excerpt from Glassdoor's Glassdoor Privacy Policy
(1) REGULATORY LANDSCAPE: GDPR Article 9 prohibits processing Special Category Data absent explicit consent or another enumerated legal basis (such as employment law obligations or the data being manifestly made public by the subject). CCPA/CPRA classifies racial/ethnic origin, sexual orientation, health data, and religious beliefs as Sensitive Personal Information, triggering rights to limit use under California Civil Code Section 1798.121. The FTC may scrutinize practices involving sensitive data under its unfair or deceptive acts authority. Relevant enforcement authorities include EU Data Protection Authorities, the UK ICO, and the California Privacy Protection Agency. (2) GOVERNANCE EXPOSURE: High. The collection of GDPR Special Category Data requires documented lawful bases for each category, and the policy's visible text does not enumerate those bases with specificity. If explicit consent is the chosen basis, consent mechanisms must be granular, freely given, and withdrawable, which requires operational audit. CPRA's Sensitive Personal Information limitation right must be operationally implemented. (3) JURISDICTION FLAGS: EU/EEA and UK users have the highest exposure under GDPR Article 9. California users have CPRA Sensitive Personal Information rights. Users in Virginia, Colorado, and other states with enacted privacy laws may have additional rights depending on those frameworks. Illinois BIPA may be engaged if any biometric data is implicated. (4) CONTRACT AND VENDOR IMPLICATIONS: Any vendor or partner receiving Special Category Data must be assessed under GDPR Article 28 data processing agreements. Employer-facing data flows involving sensitive attributes require particular scrutiny for employment discrimination risk under applicable labor and anti-discrimination law. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should map each sensitive data category to a documented GDPR Article 9 legal basis. CPRA Sensitive Personal Information opt-out mechanisms should be audited for functionality and accessibility. Data minimization principles should be applied to assess whether collection of each sensitive category is necessary for the stated service purpose.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This is among the most sensitive category of personal data under both GDPR and US state privacy laws, and its collection on a professional networking and job platform creates meaningful risk if data is misused or inadvertently disclosed to employers.
The collection of sensitive attributes including race/ethnicity, sexual orientation, disability, and religion means that users who provide this information face heightened privacy risk, particularly given that Glassdoor also shares data with employers and advertising partners.
ConductAtlas has identified this type of provision across 8 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Glassdoor.