What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://usa.visa.com/legal/privacy-policy.html', 'difficulty': 'EASY', 'action_type': 'OPT_OUT_ARBITRATION', 'instructions': "California residents can opt out of cross-context behavioral advertising by clicking 'Do Not Sell or Share My Personal Information' on Visa's website, or by enabling a Global Privacy Control (GPC) signal in your browser.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has enforcement authority over deceptive or unfair tracking and targeted advertising practices under Section 5 of the FTC Act and has issued specific guidance on cross-site tracking and commercial surveillance.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': "The California Privacy Protection Agency and California AG enforce CPRA requirements for cookie-based 'sharing' for cross-context behavioral advertising, including GPC signal honoring obligations.", 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Use of Cookies and Tracking Technologies clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Use of Cookies and Tracking Technologies clauses across approximately 4 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Use of Cookies and Tracking Technologies — Visa

Share 𝕏 Share in Share 🔒 PDF

What it is

Visa and its partners use cookies and tracking tools on websites and apps to monitor your online behavior — including on third-party sites — and to target you with advertising.

Consumer impact (what this means for users)

Visa tracks your browsing behavior across third-party websites and uses this data for targeted advertising, which California residents can opt out of and which EU/UK users may need to consent to under cookie consent laws.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Opt Out of Arbitration

California residents can opt out of cross-context behavioral advertising by clicking 'Do Not Sell or Share My Personal Information' on Visa's website, or by enabling a Global Privacy Control (GPC) signal in your browser.

How other platforms handle this

Apple Medium

Customers should know what they're getting when they download or buy your app, so make sure all your app metadata, including privacy information, your app description, screenshots, and previews accurately reflect the app's core experience and remember to keep them up-to-date with new versions.

Public.com Medium

We, and our analytics and advertising providers, use these technologies to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our Services, including personal information about your onlin...

Stash Medium

Stash does not respond to general web browser "Do Not Track" settings and/or signals.

See all platforms with this clause type →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Cross-site tracking by a major financial network like Visa extends surveillance of consumer behavior well beyond the Visa website itself, and may constitute 'sharing' of personal information for targeted advertising purposes under CCPA/CPRA.

View original clause language

We and our service providers use cookies, web beacons, pixels, and other tracking technologies to collect information about your interactions with our websites and apps, as well as third-party websites and apps. This information may be used to provide targeted advertising to you.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates CCPA/CPRA's definition of 'sharing' for cross-context behavioral advertising (Cal. Civ. Code §1798.140(ah)), requiring an opt-out mechanism; the EU ePrivacy Directive (2002/58/EC, as amended) and member state cookie laws requiring prior consent for non-essential cookies; GDPR Art. 6(1)(a) for consent-based processing of browsing data; UK PECR (Privacy and Electronic Communications Regulations 2003) for UK users; and FTC Act Section 5 for deceptive tracking practices. The CPPA's enforcement guidance on cookies and the FTC's 2022 policy statement on commercial surveillance are directly relevant.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has enforcement authority over deceptive or unfair tracking and targeted advertising practices under Section 5 of the FTC Act and has issued specific guidance on cross-site tracking and commercial surveillance.
File a complaint →
State AG

The California Privacy Protection Agency and California AG enforce CPRA requirements for cookie-based 'sharing' for cross-context behavioral advertising, including GPC signal honoring obligations.
File a complaint →

Applicable regulations

United States Federal

CAN-SPAM

United States Federal

DMA

European Union

FCRA

United States Federal

GDPR

European Union

GLBA

United States Federal

HIPAA

United States Federal

TCPA

United States Federal

UK GDPR

United Kingdom

Provision details

Document information

Document

Visa Privacy Notice

Entity

Visa

Document last updated

April 29, 2026

Tracking information

First tracked

April 27, 2026

Last verified

April 27, 2026

Record ID

CA-P-002664

Document ID

CA-D-00114

Evidence Provenance

Source URL

https://usa.visa.com/legal/privacy-policy.html

Wayback Machine

View archived versions →

SHA-256

0f3b20918fcde3434b1eb83f3ef5b6abd53b678f83f5a8ee823c96cbbe17c540

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Visa | Document: Visa Privacy Notice | Record: CA-P-002664
Captured: 2026-04-27 12:33:46 UTC | SHA-256: 0f3b20918fcde343…
URL: https://conductatlas.com/platform/visa/visa-privacy-notice/use-of-cookies-and-tracking-technologies/
Accessed: April 29, 2026

Classification

Severity

Medium

Use of Cookies and Tracking Technologies

What it is

Consumer impact (what this means for users)

What you can do

Why it matters (compliance & risk perspective)

Institutional analysis (Compliance & legal intelligence)

Applicable agencies

Applicable regulations

Provision details

Other provisions in this document

Related Analysis