Target · Target Privacy Policy · View original document ↗

Third-Party Data Sources and Data Brokers

Medium severity Medium confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity Target recorded 66 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for Target Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Target buys or receives information about you from outside sources like data brokers and social media platforms, and combines it with what it already knows about you to build a more detailed profile for marketing and advertising.

This analysis describes what Target's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Data broker sourcing means Target's profile of you may include information you never directly provided to Target, which can expand the scope of behavioral targeting significantly beyond what most consumers expect from a retailer relationship.

Interpretive note: The policy identifies categories of third-party sources at a general level; whether the specificity of disclosure is sufficient to satisfy consumer rights requests under CPRA may depend on regulatory interpretation and enforcement guidance.

Clause Stability Stable

0
Changes
3
Months Monitored
May 10, 2026
First Seen
May 20, 2026
Last Seen
This clause type exists across 1153 other provisions on other platforms.

Consumer impact (what this means for users)

Target may combine your first-party shopping data with third-party data broker information to create a more comprehensive consumer profile used for advertising, which means information about you from sources you may not be aware of is influencing how you are targeted. This practice is common in the retail industry but is specifically regulated under CPRA and analogous state laws, where consumers have a right to know what categories of personal information have been collected and from what sources.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Navigate to Target's privacy policy page and submit a data access request. Select the option to know what personal information has been collected, including the categories of sources from which it was obtained.

How other platforms handle this

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Skillshare Medium

We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...

Bumble Medium

We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.

See all platforms with this clause type →

Monitoring

Target has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
We may receive information about you from other sources and combine that information with information we have collected about you. For example, we may receive information about you from third parties such as social media platforms, data brokers, and marketing partners to help us improve our services, better understand our guests, and provide more relevant advertising.

— Excerpt from Target's Target Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1. REGULATORY LANDSCAPE: CPRA requires disclosure of the categories of personal information collected and the categories of sources from which it is obtained; consumers have the right to request this information. The FTC Act applies to material omissions about the use of third-party data. State attorneys general in California and other comprehensive privacy law states have authority to enforce data sourcing disclosure requirements. The FTC's Commercial Surveillance rulemaking has specifically addressed data broker practices. 2. GOVERNANCE EXPOSURE: Medium. The disclosure of data broker sourcing is compliant with CPRA's transparency requirement in principle, but the adequacy of the disclosure depends on whether the categories of data received from brokers and the purposes for which each category is used are sufficiently specified to satisfy consumer rights requests. 3. JURISDICTION FLAGS: California consumers have the right to know the specific categories of personal information collected and the categories of sources, not just a general reference to data brokers. Virginia and Colorado privacy laws similarly require disclosure of data sources in response to consumer access requests. The EU and UK GDPR would require that data received from third parties be processed under a lawful basis and that consumers be notified, but the policy does not clearly address how GDPR obligations are met for third-party sourced data. 4. CONTRACT AND VENDOR IMPLICATIONS: Contracts with data brokers should include representations and warranties that the data provided was collected lawfully and with appropriate consumer notice. Due diligence on data broker vendors should include review of their own privacy policies and applicable legal proceedings. 5. COMPLIANCE CONSIDERATIONS: The compliance team should maintain a data inventory that maps each third-party data source to the categories of information received and the downstream uses, to enable complete and accurate responses to consumer access requests. The policy's reference to 'data brokers' as a category of source should be assessed against CPRA's definition of data broker to determine whether Target itself qualifies for registration under California's data broker registry law.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has authority over data broker practices and unfair or deceptive representations about data sourcing under Section 5 of the FTC Act
    File a complaint →
  • State AG
    California's Privacy Protection Agency and other state attorneys general have enforcement authority over disclosure obligations related to third-party data sources under applicable state privacy laws
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Target Privacy Policy
Entity
Target
Document last updated
May 5, 2026
Tracking information
First tracked
May 10, 2026
Last verified
May 10, 2026
Record ID
CA-P-008956
Document ID
CA-D-00260
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
2ada96ab96828e67aca9fbda0574b799477f7b5740302a307f04ec582983a272
Analysis generated
May 10, 2026 13:05 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Target
Document: Target Privacy Policy
Record ID: CA-P-008956
Captured: 2026-05-10 13:05:34 UTC
SHA-256: 2ada96ab96828e67…
URL: https://conductatlas.com/platform/target/target-privacy-policy/third-party-data-sources-and-data-brokers/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Target's Third-Party Data Sources and Data Brokers clause do?

Data broker sourcing means Target's profile of you may include information you never directly provided to Target, which can expand the scope of behavioral targeting significantly beyond what most consumers expect from a retailer relationship.

How does this clause affect you?

Target may combine your first-party shopping data with third-party data broker information to create a more comprehensive consumer profile used for advertising, which means information about you from sources you may not be aware of is influencing how you are targeted. This practice is common in the retail industry but is specifically regulated under CPRA and analogous state laws, where …

Is ConductAtlas affiliated with Target?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Target.