The policy authorizes Medium and third-party partners to use cookies, web beacons, and similar technologies to collect usage information and deliver targeted advertising, and permits third parties to independently collect information about user online activities through these technologies on Medium's platform.
This analysis describes what Medium's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that third-party tracking for targeted advertising is permitted on Medium's platform, which engages GDPR consent requirements under the ePrivacy Directive and CCPA opt-out obligations for cross-context behavioral advertising under CPRA.
Expanded to explicitly mention third-party partners' use of tracking technologies, web beacons, targeted advertising, and third-party data collection; removed reference to Cookie Policy.
View full change record →Under this clause, third-party partners may place tracking technologies on users' devices to collect browsing and activity data for targeted advertising; users in the EU must be provided with consent mechanisms, and California residents may opt out of this sharing as defined under CPRA.
How other platforms handle this
We use cookies and similar tracking technologies (collectively, "Cookies") to enhance your experience on our Platform... We may use Cookies for purposes such as recognizing you when you log in, remembering your preferences, delivering advertising to you on third-party websites, understanding how you...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Medium has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We and our third-party partners may use cookies, web beacons, and similar tracking technologies to collect information about your use of our Services and to deliver targeted advertising to you. We also allow third parties to collect information about your online activities through cookies and other tracking technologies.— Excerpt from Medium's Medium Privacy Policy
1. REGULATORY LANDSCAPE: The EU ePrivacy Directive requires informed consent prior to placing non-essential cookies on user devices, implemented through national laws across EU member states. GDPR Article 6 applies to personal data collected through tracking technologies. CCPA/CPRA treats cross-context behavioral advertising as 'sharing' requiring an opt-out mechanism. The FTC has authority over deceptive tracking practices for US users. 2. GOVERNANCE EXPOSURE: Medium. The policy's authorization of third-party data collection through cookies for targeted advertising creates joint liability considerations under GDPR, as established in CJEU case law regarding website operators' responsibility for third-party cookies (Planet49 judgment). Medium's cookie consent mechanism must satisfy EU ePrivacy and GDPR consent standards. 3. JURISDICTION FLAGS: EU and EEA users have heightened exposure due to ePrivacy Directive and GDPR consent requirements. California users' cross-context behavioral advertising opt-out obligations engage CPRA. Illinois BIPA does not directly apply unless biometric data is collected through tracking technologies. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations embedding Medium content or using Medium APIs should assess whether Medium's third-party cookie practices create compliance obligations on their own properties under applicable cookie consent laws. 5. COMPLIANCE CONSIDERATIONS: Legal teams should verify that Medium's cookie consent management platform (CMP) meets the technical and operational standards required by EU supervisory authorities, including granular consent per cookie category. CPRA compliance requires that the opt-out of sharing for behavioral advertising be honored for California users' cookie-based data.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that third-party tracking for targeted advertising is permitted on Medium's platform, which engages GDPR consent requirements under the ePrivacy Directive and CCPA opt-out obligations for cross-context behavioral advertising under CPRA.
Under this clause, third-party partners may place tracking technologies on users' devices to collect browsing and activity data for targeted advertising; users in the EU must be provided with consent mechanisms, and California residents may opt out of this sharing as defined under CPRA.
ConductAtlas has identified this type of provision across 79 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Medium.