What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This notice engages the California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA), enforced by the California Privacy Protection Agency and California Attorney General, as well as similar comprehensive consumer privacy statutes enacted in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with active legislation. The notice's disclosure of targeted advertising data sharing and data sale implicates CPRA's opt-…

How does Walmart's Walmart Privacy Notice affect users?

The notice establishes that Walmart collects specified categories of personal information and discloses them to third-party advertising and analytics partners as part of its standard operations. Consumers in applicable states may submit opt-out requests via Walmart's designated privacy request portal or through a 'Do Not Sell or Share My Personal Information' link on Walmart's website to restrict these disclosures for targeted advertising.

How often is Walmart's Walmart Privacy Notice updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Walmart updates this document?

Yes. Watcher subscribers ($9.99/month) can add Walmart to their watchlist and receive same-day email alerts whenever this document or any other Walmart document changes.

CA-D-000258

Walmart Privacy Notice

Walmart

Last change detected April 18, 2026 Privacy policy

SHA-256: 05593129da1e8d58bdf… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Walmart ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

3 High severity

4 Medium severity

1 Low severity

Summary

This document establishes Walmart's data collection and use practices across its stores, website, and mobile application. Walmart collects purchase history, location information, device identifiers, browsing activity, and derived preference inferences, and authorizes disclosure of this information to advertising and analytics partners, which may constitute a sale or sharing of personal information under applicable state privacy laws. California residents and consumers in other specified states may submit requests through Walmart's privacy portal to opt out of such sales or sharing for targeted advertising purposes.

Technical / Legal Breakdown

This document is Walmart's Customer Privacy Notice governing the collection, use, sharing, and retention of personal information from customers interacting with Walmart's online and in-store services, published with an effective date of August 1, 2025, and asserting applicability to U.S. customers across Walmart's retail ecosystem. The notice states that Walmart collects identifiers, commercial information, geolocation data, internet and network activity, inferences, and sensitive personal information including financial account details and government-issued identifiers, and the terms authorize use of this data for operational purposes, marketing, analytics, and sharing with service providers, advertising partners, data brokers, and affiliates. The notice discloses participation in advertising ecosystems including targeted advertising and the sale or sharing of personal information as defined under state privacy laws, and grants consumers opt-out rights for targeted advertising and data sale or sharing, which are operationally distinct from default data minimization frameworks that some jurisdictions require. The notice engages the California Consumer Privacy Act as amended by the California Privacy Rights Act, along with similar state privacy statutes in Virginia, Colorado, Connecticut, Texas, and other states that have enacted comprehensive consumer privacy laws, and Walmart's status as a large-scale retail data collector creates heightened regulatory exposure under FTC unfair or deceptive practices authority. Material compliance considerations include the adequacy of consent mechanisms for sensitive personal information processing, the scope of third-party data sharing for advertising purposes, and the operationalization of consumer rights requests across both online and in-store touchpoints.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

High — 3 provisions

Sale or Sharing of Personal Information for Targeted Advertising Compare →

Walmart states it shares customer data with advertising partners in ways that qualify as selling or sharing personal information under state privacy laws, and customers can opt out of this practice.

Added May 12, 2026 Standard Seen across 189 platforms
Sensitive Personal Information Collection

Walmart collects sensitive data categories including financial account details, government IDs, and precise location, and customers have the right to limit how Walmart uses this information beyond what is necessary to complete their transaction.

Added May 12, 2026 Rare
Third-Party Data Sharing with Service Providers and Partners Compare →

The policy states that Walmart shares customer data with a range of third parties including advertising and analytics companies, and some of those companies may use the data for their own purposes beyond providing services to Walmart.

Added May 12, 2026 Standard Seen across 246 platforms

Medium — 4 provisions

Geolocation Data Collection Compare →

Walmart states it collects your precise location through its app when location services are enabled, and uses this data for both service delivery and marketing purposes.

Added April 18, 2026 Standard Seen across 251 platforms
Consumer Privacy Rights Request Mechanism Compare →

The policy states that customers can request to access, delete, correct, or limit their personal information, and can opt out of data sale or sharing, by submitting a request through Walmart's privacy portal or by phone.

Added May 12, 2026 Standard Seen across 262 platforms
In-Store Data Collection Compare →

The policy states Walmart collects customer information in physical stores through cameras, loyalty programs, payment systems, and other technologies, and uses this data for operations, security, and marketing.

Added May 12, 2026 Standard Seen across 251 platforms
Children's Privacy Compare →

The policy states that Walmart's services are not intended for children under 13, and that Walmart will delete personal information from children under 13 if it is inadvertently collected.

Added May 10, 2026 Standard Seen across 262 platforms

Low — 1 provision

Data Retention Compare →

Walmart states it keeps customer personal information for as long as needed for the purposes described in the policy or as legally required, using the nature and purpose of the data as criteria for determining how long it is held.

Added April 18, 2026 Standard Seen across 223 platforms

Monitoring

Walmart has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Biometric Identifier Collection and similar clauses.

Compare across platforms →