Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'Automated tracking and device fingerprinting without adequate disclosure falls under FTC Act Section 5 unfair or deceptive practices jurisdiction.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Automated Data Collection and Tracking Technologies clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Automated Data Collection and Tracking Technologies — OpenAI

Share 𝕏 Share in Share

What it is

OpenAI automatically collects technical information about your device, browser, IP address, and browsing behaviour using cookies and tracking technologies whenever you use its services.

Consumer impact (what this means for users)

Simply visiting OpenAI's website or using ChatGPT results in automatic collection of your IP address, device information, and usage patterns, which can be used to build a behavioural profile even if you never create an account.

How other platforms handle this

WhatsApp Medium

Location Information. We collect and use precise location information from your device when you choose to use location-related features, like when you decide to share your location with your contacts or view locations nearby or those others have shared with you. There are certain settings relating t...

Uber Medium

Account information. We collect data when you create or update your Uber account. ... Banking information ... Payment ... Processing payments and enabling payment and e-money products such as Uber Cash and Uber Money.

Apple Medium

Location information. Precise location only with your permission — for example, for features like Find My or Maps. Some location-related functionality uses Wi-Fi, Bluetooth, and cell tower locations, as well as GPS. Location can also be inferred from other data such as an IP address.

See all platforms with this clause type →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The automatic collection of IP addresses, device fingerprints, and browsing patterns creates a detailed profile of users' technical environment even before they create an account or submit any content, with limited transparency about how long this data is retained or how it is used for profiling.

View original clause language

We automatically collect certain information from your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Service, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Service, and information about how you interact with the Service. We may also use tracking technologies such as cookies, web beacons, and similar technologies to collect information about your use of the Services.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: GDPR Art. 6 (lawful basis for automatic data collection), Recital 30 (online identifiers as personal data), and the ePrivacy Directive 2002/58/EC (cookie consent requirements). CCPA §1798.140(v) defines 'personal information' to include IP addresses and browsing history. The UK PECR (Privacy and Electronic Communications Regulations) governs cookie use independently of UK GDPR. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

Automated tracking and device fingerprinting without adequate disclosure falls under FTC Act Section 5 unfair or deceptive practices jurisdiction.
File a complaint →

Applicable regulations

United States Federal

CAN-SPAM

United States Federal

DMA

European Union

FCRA

United States Federal

GDPR

European Union

GLBA

United States Federal

HIPAA

United States Federal

TCPA

United States Federal

UK GDPR

United Kingdom

Provision details

Document information

Document

OpenAI Privacy Policy

Entity

OpenAI

Document last updated

March 24, 2026

Tracking information

First tracked

March 6, 2026

Last verified

April 10, 2026

Record ID

CA-P-002670

Document ID

CA-D-00010

Evidence Provenance

Source URL

https://openai.com/policies/privacy-policy

Wayback Machine

View archived versions →

SHA-256

90ad72975ac0d9d86d724561a29d464c061ec09345abf2fde0eccd43d6205bcf

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: OpenAI | Document: OpenAI Privacy Policy | Record: CA-P-002670
Captured: 2026-03-06 20:23:45 UTC | SHA-256: 90ad72975ac0d9d8…
URL: https://conductatlas.com/platform/openai/openai-privacy-policy/automated-data-collection-and-tracking-technologies/
Accessed: April 29, 2026

Classification

Severity

Medium

Automated Data Collection and Tracking Technologies

What it is

Consumer impact (what this means for users)

Why it matters (compliance & risk perspective)

Institutional analysis (Compliance & legal intelligence)

Applicable agencies

Applicable regulations

Provision details

Other provisions in this document

Related Analysis