Precise Geolocation Collection

What it is

If you have location services enabled on your phone, Target may collect your precise real-time location through the Target app to show you nearby stores, check inventory, and serve location-based ads.

Why it matters (compliance & governance perspective)

Precise geolocation data is classified as sensitive personal information under several state privacy laws and can reveal sensitive details about your daily movements, routines, and personal activities beyond what is necessary for core retail functions.

Consumer impact (what this means for users)

Allowing the Target app to access your precise location means Target may track your real-time physical movements and use that data for advertising purposes in addition to store-finding features. Under CPRA and similar state laws, precise geolocation is classified as sensitive personal information with enhanced opt-out or opt-in rights.

What you can do

Institutional analysis (Compliance & governance intelligence)

1. REGULATORY LANDSCAPE: Precise geolocation is classified as sensitive personal information under the CPRA, requiring businesses to offer consumers the right to limit its use and disclosure. The California Privacy Protection Agency enforces this requirement. The Washington My Health MY Data Act treats geolocation data associated with health-related activities as consumer health data subject to consent requirements. The FTC has issued guidance and enforcement actions regarding deceptive geolocation data practices. 2. GOVERNANCE EXPOSURE: Medium to High. The use of precise geolocation for advertising purposes, as opposed to purely operational uses such as store location, is a use case that regulators have scrutinized. The policy discloses this practice, which mitigates deception risk, but the adequacy of the opt-out mechanism for this sensitive data category requires verification under CPRA's limit-use right. 3. JURISDICTION FLAGS: California requires a clear mechanism for consumers to limit the use of sensitive personal information including precise geolocation. Washington's My Health MY Data Act may apply if geolocation data is used in connection with health-related retail categories such as pharmacy or wellness products. Illinois and other states with emerging comprehensive privacy laws may create additional obligations as those frameworks take effect. 4. CONTRACT AND VENDOR IMPLICATIONS: Any third-party analytics or advertising vendors receiving precise geolocation data should be assessed as processors or service providers under applicable state law. Data processing agreements should restrict geolocation data use to disclosed purposes and prohibit secondary sale or use. 5. COMPLIANCE CONSIDERATIONS: The compliance team should confirm that the app-level permission request for location access is accompanied by a clear explanation of all uses including advertising, and that device-level permission alone is not treated as sufficient consent for all downstream data uses. The limit-use mechanism for sensitive personal information under CPRA should specifically encompass precise geolocation used for advertising.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Biometric Data Collection high
• Roundel Retail Media Advertising Network high
• Third-Party Data Sources and Data Brokers medium
• California and State-Specific Opt-Out Rights medium
• Children's Privacy and Age Restrictions low
• Data Retention Practices medium

Related Analysis

• Netflix Updated Terms Authorize Voice Data Collection: April 2026

  Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.

• What Google Actually Knows About You

  Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.