California residents have legal rights to see what data Nintendo holds about them, request deletion of that data, and opt out of Nintendo sharing their personal information for advertising purposes, with no penalty for exercising these rights.
This analysis describes what Nintendo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
CCPA gives California residents enforceable rights over their personal data that go beyond what Nintendo extends to users in other states; if you are a California resident, you have specific mechanisms to control or delete your data.
Nintendo now explicitly discloses that it collects persistent identifiers (IP addresses, device IDs) from child users for operational, security, fraud prevention, and service improvement purposes, and states that contractual restrictions limit how service providers can use this data. Parents gain enhanced transparency by being able to view a named list of third-party games and applications authorized to access their child's account, rather than just managing access through settings. The policy also clarifies that location information may be used for check-ins at Nintendo locations and events in addition to location-based games. You can review and manage which third-party apps have access to your child's account through your Nintendo Account profile settings.
View change record →Nintendo now discloses that it uses location data not only for location-based games and friend connections, but also to enable check-ins at specific events and Nintendo locations, which is a new explicit use case. The policy now details how child user data including persistent identifiers like IP addresses and device IDs are collected and retained, with commitments to delete or de-identify data based on sensitivity and account activity. Parents can now see which third-party apps have been authorized to access their child's account before deciding whether to allow continued access, giving more visibility into connected applications.
View change record →The revised policy simplifies how Nintendo describes data retention, now stating information is retained only as long as reasonably necessary in accordance with applicable law, without prior detail about sensitivity-based retention practices. For child users, the policy no longer explicitly lists persistent identifiers (IP addresses, device identifiers) that Nintendo and service providers collect, removing specific disclosure language that previously detailed collection purposes for child accounts. The policy now indicates it collects error information from both users and devices, broadening the prior language focused on device errors only. The privacy certification body changed from CARU to ESRB, meaning independent audits and enforcement are now administered by the Entertainment Software Rating Board rather than the Children's Advertising Review Unit.
View change record →California residents can formally request to know what personal data Nintendo has collected, request deletion of that data, and opt out of the sale or sharing of their data with advertising partners, and Nintendo is legally required to respond to these requests without discriminating against you for making them.
How other platforms handle this
We may also collect your personal data from other people or companies.
If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...
If you are a California resident, you have the right to know what personal information we collect, use, and disclose about you; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; the right to correct inaccurate person...
Monitoring
Nintendo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are a California resident, you have the right to know what personal information we collect, use, disclose, and sell about you; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; and the right not to be discriminated against for exercising these rights. To submit a request, please visit our privacy request page or call our toll-free number.— Excerpt from Nintendo's Nintendo Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), enforced by the California Privacy Protection Agency and the California Attorney General. The CPRA expanded rights include the right to correct inaccurate personal information and the right to limit use of sensitive personal information, which may apply to payment data, precise location, and voice communications collected by Nintendo. Failure to honor opt-out requests within the required timeframe (15 business days under CCPA) creates direct regulatory exposure. GOVERNANCE EXPOSURE: Medium. Nintendo's disclosure of CCPA rights is standard practice for covered businesses, but the operational implementation of data subject request processes (DSARs) requires ongoing monitoring. The breadth of data Nintendo collects across multiple platforms (console, mobile, web, retail) means that fulfilling 'right to know' requests requires robust data mapping and retrieval capabilities across multiple systems. JURISDICTION FLAGS: California residents are the primary group with enforceable statutory rights under this provision, but comparable rights now exist under Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other state privacy laws, which may require Nintendo to extend similar rights more broadly. The provision as written applies specifically to California, but compliance teams should assess whether expanding DSAR processes to cover all state privacy law jurisdictions is operationally warranted. CONTRACT AND VENDOR IMPLICATIONS: Data sharing agreements with service providers must include CCPA-compliant contractual terms prohibiting service providers from retaining, using, or disclosing personal information outside the scope of the business relationship. Any data sharing that qualifies as a 'sale' or 'sharing' under CCPA must be disclosed and subject to opt-out, and vendor contracts should specify how opt-out signals are passed through to downstream partners. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the DSAR intake process (privacy request page and toll-free number) functions correctly, that response timelines meet statutory requirements, and that verification procedures for identity confirmation do not create unnecessary barriers. The scope of 'personal information' subject to CCPA rights should be mapped against all data Nintendo collects, including console telemetry, gameplay data, and voice recordings. Annual CCPA compliance training and updated data inventories are standard practice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
CCPA gives California residents enforceable rights over their personal data that go beyond what Nintendo extends to users in other states; if you are a California resident, you have specific mechanisms to control or delete your data.
California residents can formally request to know what personal data Nintendo has collected, request deletion of that data, and opt out of the sale or sharing of their data with advertising partners, and Nintendo is legally required to respond to these requests without discriminating against you for making them.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Nintendo.