Xfinity · Comcast Privacy Policy · View original document ↗

Third Party Re-Identification Risk Disclosure

High severity High confidence Explicitdocumentlanguage Common · 275 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Xfinity Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

The policy discloses that when Xfinity shares non-directly-identifying data such as IP addresses or device identifiers with third-party partners, those partners may be capable of re-identifying users using information from other sources.

This analysis describes what Xfinity's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The clause establishes that Xfinity recognizes a re-identification risk when sharing ostensibly non-identifying information, meaning practical anonymity is not guaranteed even for non-directly-identifying data Xfinity discloses.

Clause Stability Stable

0
Changes
3
Months Monitored
Jul 9, 2026
First Seen
Jul 10, 2026
Last Seen
This clause type exists across 1442 other provisions on other platforms.

Consumer impact (what this means for users)

Under this clause, Xfinity discloses that third-party partners receiving data such as IP addresses or device identifiers may combine that data with other sources to identify individual users. The agreement does not represent that Xfinity contractually restricts partners from engaging in such re-identification.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Opt Out of Arbitration
    Navigate to the Xfinity Privacy Preferences Center and adjust your marketing and advertising sharing preferences to limit disclosure of identifiers to third-party partners.

How other platforms handle this

Strava Medium

prevent or detect violations of our Terms or fraud or abuse of Strava or its users; or (4) protect our operations or our property or other legal rights, including in connection with actual or potential litigation.

Perplexity AI Medium

the Receiving Party shall (other than to the extent prohibited by law) provide prior written notice to the Disclosing Party and reasonably cooperate...with any efforts by the Disclosing Party to contest or limit such disclosure requirement

Cohere Medium

Recipient may disclose Discloser's Confidential Information: (i) to the extent that such disclosure is required by applicable law or by the order of a court...provided that...the Recipient promptly notifies the Discloser in writing of such required disclosure...

See all platforms with this clause type →

Monitoring

Xfinity has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Where the personal information we may disclose does not directly identify you...it is possible that our third party partners may be able to identify you based on information they collect from other sources...

— Excerpt from Xfinity's Comcast Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: This provision engages GDPR's definition of personal data, which encompasses information that is identifiable when combined with other data held by a controller or a third party. Under GDPR and UK GDPR, IP addresses and device identifiers are generally treated as personal data. CCPA similarly covers information that is reasonably linkable to a consumer. The FTC has addressed re-identification risks in guidance on data broker and advertising ecosystem practices. Relevant enforcement authorities include the FTC, state Attorneys General, the European Data Protection Board, and the UK ICO. 2) GOVERNANCE EXPOSURE: High. The policy's explicit acknowledgment that third-party partners may re-identify users from shared pseudonymous identifiers may, in jurisdictions where IP addresses and device identifiers are classified as personal data, mean that disclosures of such data to third parties constitute personal data transfers subject to consent and transparency requirements under GDPR and CCPA. The policy does not represent that partner contracts include re-identification prohibitions. 3) JURISDICTION FLAGS: EEA and UK users face heightened exposure because GDPR and UK GDPR treat reasonably re-identifiable data as personal data, meaning third-party sharing of IP addresses and device identifiers may require a valid legal basis and data processing agreements with appropriate safeguards. California residents may have rights regarding the sale or sharing of such data under CCPA. Illinois BIPA is not directly implicated unless biometric identifiers are included. 4) CONTRACT AND VENDOR IMPLICATIONS: B2B clients and partners should assess whether Xfinity's data sharing agreements include restrictions on third-party re-identification and whether those terms satisfy their own regulatory obligations. The absence of disclosed contractual re-identification restrictions in the policy may be a due diligence flag for enterprise customers. 5) COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether the disclosure of this re-identification risk satisfies transparency requirements under GDPR Article 13/14 and CCPA notice obligations. Data processing agreements with third-party advertising partners should be reviewed to assess whether re-identification restrictions are contractually imposed. Organizations subject to GDPR should assess whether shared pseudonymous identifiers qualify as personal data transfers requiring appropriate safeguards.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has authority over consumer data practices including third-party data sharing and re-identification risks in advertising ecosystems.
    File a complaint →

Provision details

Document information
Document
Comcast Privacy Policy
Entity
Xfinity
Document last updated
May 5, 2026
Tracking information
First tracked
March 20, 2026
Last verified
July 9, 2026
Record ID
CA-P-015972
Document ID
CA-D-00344
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
bc66f71f6b1e41eae417fd7fdc9cff462e4058960eb77591520a827d276f229b
Analysis generated
March 20, 2026 04:21 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Xfinity
Document: Comcast Privacy Policy
Record ID: CA-P-015972
Captured: 2026-03-20 04:21:34 UTC
SHA-256: bc66f71f6b1e41ea…
URL: https://conductatlas.com/platform/xfinity/comcast-privacy-policy/provision/CA-P-015972/third-party-re-identification-risk-disclosure/
Accessed: July 13, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Xfinity's Third Party Re-Identification Risk Disclosure clause do?

The clause establishes that Xfinity recognizes a re-identification risk when sharing ostensibly non-identifying information, meaning practical anonymity is not guaranteed even for non-directly-identifying data Xfinity discloses.

How does this clause affect you?

Under this clause, Xfinity discloses that third-party partners receiving data such as IP addresses or device identifiers may combine that data with other sources to identify individual users. The agreement does not represent that Xfinity contractually restricts partners from engaging in such re-identification.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 275 platforms. See the full comparison.

Is ConductAtlas affiliated with Xfinity?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Xfinity.