Inference Generation and Disclosure

What it is

Midjourney states that it draws inferences about users, including conclusions about their preferences, psychological trends, behavior, and aptitude, and that these inferences are both collected and disclosed to third parties.

Why it matters (compliance & governance perspective)

The policy confirms that Midjourney generates and discloses inferences about user characteristics and behavior, which under CCPA and CPRA may be subject to specific opt-out and deletion rights beyond standard data categories.

This document changed recently

Consumer impact (what this means for users)

Midjourney states it collects and discloses inferences drawn about users, including conclusions about preferences, psychological trends, and behavior; California residents have the right to request deletion and opt out of the sharing of this category of information.

What you can do

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: Under CPRA amendments to the CCPA, inferences drawn from personal information to create a consumer profile are a defined category subject to specific consumer rights including deletion and opt-out of sharing. GDPR Article 22 and related recitals may also engage automated decision-making considerations depending on how inferences are operationalized. Enforcement authorities include the California Privacy Protection Agency and EU/UK data protection authorities. 2) GOVERNANCE EXPOSURE: Medium. The disclosure that inferences are both collected and shared with third parties triggers CPRA obligations around consumer profile data, including the right to opt out of sharing. The policy does not specify the mechanism by which inferences are generated or the third parties to whom they are disclosed, which may create gaps in required CCPA/CPRA disclosures. 3) JURISDICTION FLAGS: California residents have heightened rights under CPRA regarding consumer profile inferences. EEA and UK users may have rights to object to processing of inferences under GDPR legitimate interests grounds. Illinois and New York may also have relevant consumer protection considerations depending on the nature of inferences drawn. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should confirm whether vendor agreements address the generation and disclosure of inferences derived from organizational user activity, particularly if Midjourney services are used in professional or employment contexts where behavioral profiling of employees could raise additional legal considerations. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether the policy's disclosure of inference collection and sharing satisfies CPRA's specific requirements for consumer profile data, whether a do-not-share mechanism covers this category operationally, and whether data subject rights requests for deletion extend to derived inferences stored separately from raw personal data.

Applicable agencies

Provision details

Other risks in this policy

• Use of Personal Data for Machine Learning Training medium
• Advertising and Analytics Cookie Sharing medium
• Law Enforcement Disclosure with User Notification low
• Cross-Border Data Transfer via Policy Consent medium
• CCPA Do Not Sell or Share Opt-Out medium
• GDPR and UK GDPR User Rights low