Nintendo shares your personal data with advertising partners to deliver targeted ads both on Nintendo's own platforms and on other websites and apps; you can opt out but the default is opt-in.
This analysis describes what Nintendo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The default opt-in structure means your data is shared with advertising partners unless you actively change your settings; this sharing may qualify as a 'sale' or 'sharing' of personal information under California law, giving California residents specific rights.
Interpretive note: Whether the opt-out mechanism satisfies GDPR consent requirements for EU users is uncertain; GDPR generally requires opt-in consent for behavioral advertising, which an opt-out default does not satisfy.
Nintendo now explicitly discloses that it collects persistent identifiers (IP addresses, device IDs) from child users for operational, security, fraud prevention, and service improvement purposes, and states that contractual restrictions limit how service providers can use this data. Parents gain enhanced transparency by being able to view a named list of third-party games and applications authorized to access their child's account, rather than just managing access through settings. The policy also clarifies that location information may be used for check-ins at Nintendo locations and events in addition to location-based games. You can review and manage which third-party apps have access to your child's account through your Nintendo Account profile settings.
View change record →Nintendo now discloses that it uses location data not only for location-based games and friend connections, but also to enable check-ins at specific events and Nintendo locations, which is a new explicit use case. The policy now details how child user data including persistent identifiers like IP addresses and device IDs are collected and retained, with commitments to delete or de-identify data based on sensitivity and account activity. Parents can now see which third-party apps have been authorized to access their child's account before deciding whether to allow continued access, giving more visibility into connected applications.
View change record →The revised policy simplifies how Nintendo describes data retention, now stating information is retained only as long as reasonably necessary in accordance with applicable law, without prior detail about sensitivity-based retention practices. For child users, the policy no longer explicitly lists persistent identifiers (IP addresses, device identifiers) that Nintendo and service providers collect, removing specific disclosure language that previously detailed collection purposes for child accounts. The policy now indicates it collects error information from both users and devices, broadening the prior language focused on device errors only. The privacy certification body changed from CARU to ESRB, meaning independent audits and enforcement are now administered by the Entertainment Software Rating Board rather than the Children's Advertising Review Unit.
View change record →Unless you actively opt out, Nintendo shares data about your activity with third-party advertising partners who may use it to target you with ads across other platforms and websites, not just on Nintendo services.
How other platforms handle this
Sending you information about Adobe products and services, special offers and similar information, and sharing your information with third parties for their own marketing purposes, where your consent is not required; In some cases, in order to show you more relevant ads, we disclose with social medi...
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
We may share your personal information with third parties in the following circumstances: With service providers who perform services on our behalf, such as data analytics, marketing, customer service, and technology services. With financial partners, including banks, brokerage firms, and payment pr...
Monitoring
Nintendo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your information with advertising partners to provide you with targeted advertisements and other marketing content on our services and on third-party services. You may opt out of interest-based advertising by adjusting your account settings or by using industry opt-out tools.— Excerpt from Nintendo's Nintendo Privacy Policy
REGULATORY LANDSCAPE: This provision most directly engages the CCPA and its amendment (CPRA), which define the 'sharing' of personal information for cross-context behavioral advertising as a regulated activity requiring an opt-out mechanism; the California Privacy Protection Agency enforces these requirements. GDPR requires a valid lawful basis for processing personal data for advertising, with consent being the required basis for non-essential cookie-based or behavioral advertising targeting EU users; an opt-out mechanism alone is unlikely to satisfy GDPR Article 6 consent requirements. The FTC Act Section 5 applies to the accuracy and prominence of disclosures about data sharing with advertising partners. GOVERNANCE EXPOSURE: Medium to High. The opt-out rather than opt-in default for interest-based advertising creates compliance risk under GDPR for EU users and requires verified opt-out infrastructure for California residents under CCPA. The breadth of 'advertising partners' is not enumerated in the policy, which may limit transparency for data mapping purposes. JURISDICTION FLAGS: California residents have a statutory right to opt out of the sale or sharing of personal information, which Nintendo must honor promptly. EU/EEA users require affirmative consent (opt-in) for behavioral advertising under GDPR, creating a structural tension with the opt-out default described in this policy. Additional state privacy laws (Virginia, Colorado, Connecticut, Texas) with similar opt-out rights for targeted advertising may also apply. CONTRACT AND VENDOR IMPLICATIONS: Data sharing agreements with advertising partners should specify the permissible purposes for which shared data may be used, prohibit onward sale or further sharing without notice, and include provisions for honoring opt-out signals (including Global Privacy Control signals as required under CCPA). Vendor due diligence should verify that advertising partners maintain adequate data security and comply with applicable privacy frameworks. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that Nintendo's opt-out mechanism covers all forms of data sharing that qualify as 'sale' or 'sharing' under CCPA and comparable state laws, and that the mechanism responds to Global Privacy Control browser signals as required. A data flow mapping exercise should identify which specific data elements are shared with advertising partners and on what contractual basis. The adequacy of disclosures to users at the point of account creation regarding advertising data sharing should be assessed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The default opt-in structure means your data is shared with advertising partners unless you actively change your settings; this sharing may qualify as a 'sale' or 'sharing' of personal information under California law, giving California residents specific rights.
Unless you actively opt out, Nintendo shares data about your activity with third-party advertising partners who may use it to target you with ads across other platforms and websites, not just on Nintendo services.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Nintendo.