The policy states that Target collects precise geolocation data from consumers' mobile devices, described as requiring device-level permission, and categorizes this as sensitive personal information under applicable state privacy laws.
This analysis describes what Target's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Precise geolocation is classified as sensitive personal information under CPRA and analogous state statutes, requiring that consumers be provided with the right to limit its use and disclosure; this classification creates heightened consent and data minimization obligations relative to general location data.
This provision establishes that Target may collect real-time precise geolocation from consumers' mobile devices when device-level permission is granted; under CPRA and analogous state statutes, consumers have the right to limit Target's use and disclosure of this sensitive personal information.
How other platforms handle this
Geolocation Information
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
Target has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Precise geolocation, such as your real-time location collected from your mobile device with your permission.— Excerpt from Target's Target Privacy Policy
1. REGULATORY LANDSCAPE: Precise geolocation is expressly enumerated as sensitive personal information under CPRA and analogous statutes in Colorado, Connecticut, Virginia, and Texas. CPRA requires businesses to provide a 'Limit the Use of My Sensitive Personal Information' disclosure and honor such requests. The FTC has issued guidance indicating that precise geolocation data warrants heightened protection. The FTC Act applies to deceptive representations about location data collection and use. 2. GOVERNANCE EXPOSURE: Medium. The policy states collection is conditioned on device-level permission, which aligns with mobile operating system consent requirements (iOS and Android). However, the scope of downstream use of location data — including use for advertising targeting, loyalty program personalization, and analytics — requires evaluation to confirm it falls within the purposes disclosed at the time of consent. 3. JURISDICTION FLAGS: California creates the most defined exposure through CPRA's sensitive personal information framework. Colorado, Virginia, and Connecticut impose analogous obligations. Illinois does not have a specific geolocation statute but location data intersects with broader consumer fraud authority. The FTC has brought enforcement actions against companies for misleading location data collection and use practices. 4. CONTRACT AND VENDOR IMPLICATIONS: If precise geolocation data is shared with analytics or advertising vendors, those sharing relationships require evaluation to confirm they comply with sensitive personal information restrictions under CPRA and do not constitute unauthorized sale or sharing. Vendor contracts should specify permitted uses of location data and require deletion upon contract termination. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether: location data is used only for purposes disclosed at the point of consent; the 'Limit the Use of My Sensitive Personal Information' mechanism is implemented and functional; location data retention periods are defined and enforced; and location data sharing with advertising partners is suspended for consumers who have submitted sensitive personal information limitation requests.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Precise geolocation is classified as sensitive personal information under CPRA and analogous state statutes, requiring that consumers be provided with the right to limit its use and disclosure; this classification creates heightened consent and data minimization obligations relative to general location data.
This provision establishes that Target may collect real-time precise geolocation from consumers' mobile devices when device-level permission is granted; under CPRA and analogous state statutes, consumers have the right to limit Target's use and disclosure of this sensitive personal information.
ConductAtlas has identified this type of provision across 6 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Target.