What are the institutional and regulatory implications of this document?

1. REGULATORY LANDSCAPE: This policy engages the California Consumer Privacy Act (CCPA) as amended by the CPRA, which grants California residents rights to know, delete, correct, and opt out of sale or sharing of personal information; the FTC Act as enforced by the Federal Trade Commission regarding unfair or deceptive data practices; and HIPAA as enforced by HHS Office for Civil Rights to the extent Walgreens operates as a covered entity in its pharmacy and health services context. The policy'…

How does Walgreens's Walgreens Privacy Policy affect users?

The policy authorizes Walgreens to collect identifiers, health and pharmacy data, purchase history, device and browsing activity, and location-related data, and to share these categories with advertising, analytics, affiliate, and third-party partners. Under these terms, certain data sharing is disclosed as potentially constituting a sale or sharing for cross-context behavioral advertising under California law, which triggers opt-out rights for California residents. You can opt out of the sale …

How often is Walgreens's Walgreens Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Walgreens updates this document?

Yes. Monitor subscribers ($19/month) can add Walgreens to their watchlist and receive same-day email alerts whenever this document or any other Walgreens document changes.

CA-D-000607

Walgreens Privacy Policy

Walgreens

Last change detected June 9, 2026 Privacy policy

SHA-256: 227324cbd325874ffc2… 4 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Walgreens ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

4 High severity

3 Medium severity

1 Low severity

Summary

This is Walgreens' privacy policy covering its website, mobile app, pharmacy, and retail services, describing how the company collects and uses personal information including prescription history, health data, purchase history, device identifiers, and location data. The policy states that Walgreens shares personal information with advertising and analytics partners and discloses that certain data sharing may constitute a 'sale' or 'sharing for targeted advertising' under California law, with opt-out rights available to California residents. The policy also describes the collection of sensitive categories including health and pharmacy information and states that some data may be used to deliver targeted advertising based on browsing and purchase activity.

Technical / Legal Breakdown

This document is Walgreens' publicly accessible privacy policy governing the collection, use, and sharing of personal information across its retail pharmacy website, mobile applications, and related services. The policy states that Walgreens collects identifiers, contact information, health and pharmacy data, financial information, device and browsing activity, location data, and inferences drawn from these categories; the terms authorize sharing this data with advertising partners, analytics providers, social media platforms, data brokers acting as service providers, and affiliates. Notably, the policy discloses sharing of certain personal data that may qualify as a 'sale' or 'sharing for cross-context behavioral advertising' under California law, and includes sensitive health-adjacent data collected in the pharmacy context alongside general retail data without consistently distinguishing HIPAA-covered data from non-HIPAA data. The policy engages CCPA/CPRA (California Consumer Privacy Act and its amendment), HIPAA as applicable to pharmacy and health services, the FTC Act governing unfair or deceptive practices, and state consumer protection frameworks; the applicability of HIPAA protections depends on whether specific data interactions occur within a covered entity context, and CCPA rights apply primarily to California residents. Material compliance considerations include the scope of health-related data sharing for advertising purposes, the adequacy of consent mechanisms for sensitive data categories, and the delineation between HIPAA-governed and non-HIPAA-governed data flows.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

1 important change detected

4 versions captured · Last updated: June 2026

June 9, 2026

low

What changed Walgreens updated the metrics reporting period in its Privacy Policy from January 1 - December 31, 2024 to January 1 - December 31, 2025. The change reflects updated data on consumer privacy requests received and processed during the new calendar year. The specific numbers for access requests, corrections, deletions, opt-out requests, and request-to-limit submissions have been updated to reflect 2025 activity, along with corresponding completion and rejection counts.

Why this matters This change updates the reporting period and metrics data in Walgreens' Privacy Policy to reflect calendar year 2025 privacy request activity. The updated policy now discloses how many access, correction, deletion, opt-out, and request-to-limit submissions were received and processed during 2025, along with median processing times. No change has been made to consumers' rights or Walgreens' obligations regarding privacy requests.

View full change record →

Recent Provision Changes Jun 9, 2026

8 provisions unchanged.

View full change record →

High — 4 provisions

Sale and Sharing of Personal Information for Targeted Advertising Compare →

The policy discloses that Walgreens shares personal information with advertising partners in ways that may qualify as a sale or sharing for cross-context behavioral advertising under California law, and states that California residents may opt out of this sharing.

Added May 21, 2026 Standard Seen across 284 platforms
Collection of Health and Pharmacy Data Compare →

The policy states that Walgreens collects prescription information, health conditions, pharmacy interaction data, OTC purchase history, and health-related browsing activity across its digital and physical service channels.

Added May 21, 2026 Standard Seen across 284 platforms
Sensitive Personal Information Use and Limitations Compare →

The policy identifies sensitive personal information categories collected by Walgreens, including health data, financial information, precise geolocation, and account credentials, and states that California residents may request limitation of use to service-necessary purposes.

Added May 21, 2026 Standard Seen across 284 platforms
Data Sharing with Advertising and Analytics Partners Compare →

The policy authorizes sharing of personal information with advertising, analytics, and social media partners for targeted advertising and campaign measurement, and states these partners use tracking technologies including cookies and pixel tags on Walgreens services.

Added May 21, 2026 Standard Seen across 284 platforms

Medium — 3 provisions

California Consumer Privacy Rights Compare →

The policy grants California residents rights to know, delete, correct, and opt out of sale or sharing of personal information, and states that Walgreens will not discriminate against consumers for exercising these rights.

Added May 10, 2026 Standard Seen across 284 platforms
Loyalty Program Data Collection and Use Compare →

The policy states that the myWalgreens loyalty program collects purchase history, prescription information, and service interaction data, which is used for personalized offers, rewards management, and targeted communications.

Added May 21, 2026 Standard Seen across 284 platforms
Data Retention Compare →

The policy states that personal information is retained as long as necessary for the purposes collected, for legal compliance, dispute resolution, and agreement enforcement, without specifying fixed retention periods for individual data categories.

Added May 10, 2026 Standard Seen across 284 platforms

Low — 1 provision

Children's Privacy Compare →

The policy states that Walgreens services are not directed to children under 13, that the company does not knowingly collect personal information from this age group, and that such information will be deleted upon discovery.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

Walgreens has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Collection of Health and Pharmacy Data and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured June 9, 2026 11:09 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000607

Version ID CA-V-003590

Source URL https://www.walgreens.com/topic/help/generalhelp/privacyandsecurity.jsp

Wayback Machine View external archival references →

SHA-256 227324cbd325874ffc223d03609c1d55fd25e40072b332086e0ca07c40aa56a2

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Walgreens Privacy Policy

June 9, 2026

Recent Provision Changes Jun 9, 2026

Monitor governance changes across the platforms you rely on.