Target buys or receives information about you from outside sources like data brokers and social media platforms, and combines it with what it already knows about you to build a more detailed profile for marketing and advertising.
This analysis describes what Target's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Data broker sourcing means Target's profile of you may include information you never directly provided to Target, which can expand the scope of behavioral targeting significantly beyond what most consumers expect from a retailer relationship.
Interpretive note: The policy identifies categories of third-party sources at a general level; whether the specificity of disclosure is sufficient to satisfy consumer rights requests under CPRA may depend on regulatory interpretation and enforcement guidance.
Target may combine your first-party shopping data with third-party data broker information to create a more comprehensive consumer profile used for advertising, which means information about you from sources you may not be aware of is influencing how you are targeted. This practice is common in the retail industry but is specifically regulated under CPRA and analogous state laws, where consumers have a right to know what categories of personal information have been collected and from what sources.
Cross-platform context
See how other platforms handle Third-Party Data Sources and Data Brokers and similar clauses.
Compare across platforms →Monitoring
Target has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may receive information about you from other sources and combine that information with information we have collected about you. For example, we may receive information about you from third parties such as social media platforms, data brokers, and marketing partners to help us improve our services, better understand our guests, and provide more relevant advertising.— Excerpt from Target's Target Privacy Policy
1. REGULATORY LANDSCAPE: CPRA requires disclosure of the categories of personal information collected and the categories of sources from which it is obtained; consumers have the right to request this information. The FTC Act applies to material omissions about the use of third-party data. State attorneys general in California and other comprehensive privacy law states have authority to enforce data sourcing disclosure requirements. The FTC's Commercial Surveillance rulemaking has specifically addressed data broker practices. 2. GOVERNANCE EXPOSURE: Medium. The disclosure of data broker sourcing is compliant with CPRA's transparency requirement in principle, but the adequacy of the disclosure depends on whether the categories of data received from brokers and the purposes for which each category is used are sufficiently specified to satisfy consumer rights requests. 3. JURISDICTION FLAGS: California consumers have the right to know the specific categories of personal information collected and the categories of sources, not just a general reference to data brokers. Virginia and Colorado privacy laws similarly require disclosure of data sources in response to consumer access requests. The EU and UK GDPR would require that data received from third parties be processed under a lawful basis and that consumers be notified, but the policy does not clearly address how GDPR obligations are met for third-party sourced data. 4. CONTRACT AND VENDOR IMPLICATIONS: Contracts with data brokers should include representations and warranties that the data provided was collected lawfully and with appropriate consumer notice. Due diligence on data broker vendors should include review of their own privacy policies and applicable legal proceedings. 5. COMPLIANCE CONSIDERATIONS: The compliance team should maintain a data inventory that maps each third-party data source to the categories of information received and the downstream uses, to enable complete and accurate responses to consumer access requests. The policy's reference to 'data brokers' as a category of source should be assessed against CPRA's definition of data broker to determine whether Target itself qualifies for registration under California's data broker registry law.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Data broker sourcing means Target's profile of you may include information you never directly provided to Target, which can expand the scope of behavioral targeting significantly beyond what most consumers expect from a retailer relationship.
Target may combine your first-party shopping data with third-party data broker information to create a more comprehensive consumer profile used for advertising, which means information about you from sources you may not be aware of is influencing how you are targeted. This practice is common in the retail industry but is specifically regulated under CPRA and analogous state laws, where …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Target.