The policy enumerates six specific rights for California residents under CCPA/CPRA and states that residents of additional states including Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and others receive analogous rights under applicable state statutes, with a consolidated state rights table referenced.
This analysis describes what Target's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes Target's stated compliance posture under CCPA/CPRA and analogous multi-state privacy frameworks; it creates operational obligations including response timelines, non-discrimination requirements, and appeal procedures that must be implemented and auditable to satisfy regulatory expectations.
This provision establishes that California residents hold six enumerated privacy rights under CCPA/CPRA and that residents of at least eight additional states hold analogous rights under state law; consumers in covered states may submit requests through Target's privacy portal at privacyportal.target.com or by calling 1-800-440-0680.
How other platforms handle this
If you are a California resident, you have the right to know what personal information we collect, use, and disclose about you; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; the right to correct inaccurate person...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
We may also collect your personal data from other people or companies.
Monitoring
Target has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure of your sensitive personal information. Not be discriminated against for exercising these rights.— Excerpt from Target's Target Privacy Policy
1. REGULATORY LANDSCAPE: This provision is governed by CCPA as amended by CPRA, enforced by the California Privacy Protection Agency and California Attorney General. Analogous obligations arise under the Colorado Privacy Act, Connecticut Data Privacy Act, Virginia Consumer Data Protection Act, Texas Data Privacy and Security Act, Oregon Consumer Privacy Act, Montana Consumer Data Privacy Act, and Utah Consumer Privacy Act. Each statute imposes specific response timelines, appeal rights, and prohibited discrimination provisions that may differ in scope and enforcement posture. 2. GOVERNANCE EXPOSURE: Medium. The policy's enumeration of rights establishes consumer-facing commitments that must be operationally supported by functional request intake systems, identity verification procedures, response timelines (45 days under most statutes with one 45-day extension), and documented appeal processes. Failure to operationalize these rights consistently across all covered jurisdictions creates regulatory exposure. 3. JURISDICTION FLAGS: California creates the most active enforcement exposure given CPPA enforcement history and the CPRA's expanded rights including sensitive personal information limitation and correction rights. Texas, Colorado, and Connecticut have active enforcement postures. The non-discrimination provision prohibits denying goods, services, or price differences to consumers exercising privacy rights, which requires review of any loyalty program structures that condition benefits on data sharing. 4. CONTRACT AND VENDOR IMPLICATIONS: Target's exercise of consumer rights (particularly deletion) requires downstream data deletion obligations in vendor and service provider contracts. Service providers and contractors must confirm they can honor deletion requests propagated from Target within required timelines. B2B contracts with data recipients should specify deletion cascade obligations. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether: the privacy request portal is accessible, functional, and audited for response time compliance; identity verification procedures are calibrated to avoid being unnecessarily burdensome while preventing fraudulent requests; appeal procedures are documented and disclosed; the loyalty program's benefit structure does not condition material benefits on waiver of privacy rights in violation of non-discrimination requirements; and multi-state response workflows are differentiated where statutes impose varying timelines or right scopes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 10 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes Target's stated compliance posture under CCPA/CPRA and analogous multi-state privacy frameworks; it creates operational obligations including response timelines, non-discrimination requirements, and appeal procedures that must be implemented and auditable to satisfy regulatory expectations.
This provision establishes that California residents hold six enumerated privacy rights under CCPA/CPRA and that residents of at least eight additional states hold analogous rights under state law; consumers in covered states may submit requests through Target's privacy portal at privacyportal.target.com or by calling 1-800-440-0680.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Target.