PayPal states it may use your personal information to train its AI systems and applies automated decision-making to assess fraud risk and manage service delivery, which may affect decisions made about your account.
This analysis describes what PayPal's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
This provision discloses that personal information, including financial and transaction data, is used to train AI models, and that automated decision-making is applied to fraud and risk assessments that may have consequences for account access and service availability.
Interpretive note: The provision does not specify the categories of personal information used specifically for AI model training versus operational AI use, and the mechanism for EU/UK users to exercise GDPR Article 22 rights is not fully described within the reviewed document text.
Under this provision, PayPal may use your transaction history, financial data, and other personal information as training data for AI models; automated decisions based on this AI may affect your account status, product eligibility, and fraud risk classification, with objection rights available primarily to EU and UK users under GDPR.
How other platforms handle this
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
PayPal has changed this document before.
"AI and Automated Decision Making. We may use Personal Information to train our artificial intelligence (AI) models that power our Services and help us deliver more secure, efficient, and personalized services. PayPal also uses Automated Decision Making to provide our products and Services, conduct risk analysis, fraud prevention and risk management to protect our customers and business, including to prevent fraud against our Partners and Merchants and strategic ventures."
— Excerpt from PayPal's PayPal Privacy Statement
REGULATORY LANDSCAPE: This provision implicates GDPR Articles 13, 14, 22 (automated decision-making and profiling with legal or similarly significant effects) for EU and UK users, and engages the EU AI Act where AI systems are used in high-risk categories such as creditworthiness assessment and identity verification. The relevant enforcement authorities are national supervisory authorities under GDPR and the European AI Office under the EU AI Act. For US users, the FTC has issued guidance on AI and automated decision-making in consumer financial services contexts, and the CFPB has addressed algorithmic decision-making in credit-related products.

GOVERNANCE EXPOSURE: High. The use of personal information to train AI models, combined with automated decision-making that affects fraud classification and risk management, creates compounded compliance obligations. GDPR Article 22 requires that users subject to solely automated decisions with legal or similarly significant effects have the right to obtain human review, express their point of view, and receive an explanation; this provision does not specify the mechanism by which these rights can be exercised within the document text reviewed.

JURISDICTION FLAGS: EU and UK users have the most clearly defined rights under GDPR Article 22. California users may have rights under CPRA relating to automated decision-making and profiling. The EU AI Act creates additional obligations for high-risk AI systems, including those used in credit and identity verification contexts, which may apply to PayPal's AI model use cases as described in this provision.

CONTRACT AND VENDOR IMPLICATIONS: If third-party AI providers are used to train or operate AI models on PayPal's behalf, data processing agreements under GDPR Article 28 should address the specific purposes of AI training and restrict secondary use. The document states that service provider contracts prohibit use of data for service providers' own benefit, but procurement teams should verify that AI vendors are specifically covered and that model output is not retained by vendors for their own AI training.

COMPLIANCE CONSIDERATIONS: Compliance teams should (1) document the legal basis for AI model training using personal information under each applicable jurisdiction, distinguishing training from operational use; (2) assess whether automated decisions affecting fraud classification or account access constitute decisions with legal or similarly significant effects under GDPR Article 22 and implement required safeguards; (3) review EU AI Act risk classifications for PayPal's AI use cases and confirm compliance timelines; and (4) audit whether GDPR Article 22 objection and human review mechanisms are accessible and documented for affected EU and UK users.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by PayPal.