Study: Toward a framework for classifying platform policy update disclosures
Methodology ▪ April 7, 2026
Disclosures from internet platforms about changes in their policies are crucial for transparency and user autonomy. However, platforms often update their terms and policies with minimal, last‑minute, or no direct notice to users, despite their far‑reaching implications for rights and risks. This preliminary study investigates in what ways and how often major platforms provide, or fail to provide, timely and meaningful notification of policy changes. By empirically tracking updates and their disclosures across services using Open Terms Archive, it aims to define a classification system for policy disclosure. This classification framework constitutes an essential indicator for assessing the transparency of policy changes by internet platforms.
Scope and methodology
The study uses Open Terms Archive to track changes in different terms and policies on four platforms: YouTube, Facebook, LinkedIn, and TikTok. These were identified based on the highest active user base, diversity in ownership, and range of policy updates. We looked at policy updates between the time period of Aug 1, 2025 to Dec 31, 2025. We focused on policy changes in the United States (US), given the consistent tracking of updates in this jurisdiction on Open Terms Archive over this time period. The study builds upon existing frameworks and classifications of platform disclosures1.
We began by broadly classifying the disclosure of updates along three axes: timing, communication channel, and opportunity for an action/consent. We then reviewed policy updates by selected platforms using Open Terms Archive and secondary sources such as media reports, press releases, and civil society reports. Based on this, we identified examples of updates that varied in terms of the three axes, thereby establishing a classification framework. We used secondary research to locate when and how these changes were communicated on user-facing channels, including in-app notifications and direct emails. We looked through media articles, public announcements on platforms, and community discussion forums to verify each update’s disclosure mechanism and mapped this data visually.
The following tables present the data collected from each platform: policy updates, timing of disclosure, and medium of communication. The data on opportunity for action/consent has been specified separately for each table. Policy updates that were not identified with Open Terms Archive have been italicised. Each example in the tables mentions the type of policy document, topic of policy update, date of change, and date of announcement of change. The annex contains further details on each policy update example and sources used.
YouTube
For all the updates mentioned in the following table with an advance notice, there was no opportunity given for action/consent.
| Timing → Medium ↓ | Advance notice (30 days or more) | Less than 30 days | No advance notice |
|---|---|---|---|
| Public announcement/press release | YouTube privacy policy: using machine learning for age estimation. Effective on Aug 13, 2025. Announced on Jul 29, 2025. | - | - |
| In app | - | - | - |
| YouTube paid service terms of service: access from country where the user signed up. Effective on Sep 26, 2025. Announced on Aug 12, 2025. | - | - | |
| Terms and policies only | - | YouTube content monetisation policy: “Repetitious content” renamed to “Inauthentic content”. Effective on Jul 15, 2025. Announced on Jul 2, 2025. | YouTube community guidelines: colloidal silver removed from list of harmful substances. Effective on Oct 9, 2025. |
| No notification of changes | - | - | - |
Observations
We noted that YouTube had notified users of two of its significant updates more than 30 days before the changes took effect. These changes were announced as a public announcement and through emails to individual users. The update on its Content Monetisation Policy was not announced at all and was only mentioned in the terms and policy document less than two weeks before it was implemented. Lastly, the Community Guidelines update was applied without any prior notification.
For all the updates mentioned in the following table with an advance notice, there was no opportunity given for an action/consent.
| Timing → Medium ↓ | Advance notice (30 days or more) | Less than 30 days | No advance notice |
|---|---|---|---|
| Public announcement/press release | Facebook privacy policy: AI interaction tracking. Effective on Dec 16, 2025. Announced on Oct 7, 2025. | - | - |
| In app | Facebook privacy policy: AI interaction tracking. Effective on Dec 16, 2025. Announced on Oct 7, 2025. | - | Facebook copyrights claims policy: content protection feature for creators. Effective on Nov 18, 2025. |
| Facebook privacy policy: AI interaction tracking. Effective on Dec 16, 2025. Announced on Oct 7, 2025. | - | - | |
| Terms and policies only | - | - | Facebook community guidelines: removing accounts for interacting with violating content. Effective on Sep 20, 2025. |
| No notification of changes | - | - | - |
Observations
The significant Facebook Privacy Policy change on use of AI interactions was communicated more than 2 months in advance via press release, email, and in-app notifications to individual users. There were no updates in this time period that were announced within a month’s time of the effective date. The updates in the Copyright Claims Policy and Community Guidelines, which were implemented without any advance notice, were communicated through an in-app notification and the policy document respectively.
For all the updates mentioned in the following table with an advance notice, there was an opportunity given for an action/consent.
| Timing → Medium ↓ | Advance notice (30 days or more) | Less than 30 days | No advance notice |
|---|---|---|---|
| Public announcement/press release | - | - | - |
| In app | - | - | - |
| LinkedIn terms of service and privacy policy: data sharing with Microsoft. Effective on Nov 3, 2025. Announced on Sep 28, 2025. | - | - | |
| Terms and policies only | - | - | LinkedIn community guidelines: ban on political ads. Effective on Oct 2, 2025. |
| No notification of changes | - | - | LinkedIn privacy policy: data use for AI training |
Observations
The update in LinkedIn’s Terms of Service and Privacy Policy was shared more than a month before the date of implementation by sending direct emails to users. There were no updates noted from this duration that were announced less than a month from the effective date. The Community Guidelines change was communicated with no advance notice only through the policy document. Finally, the Privacy Policy update on data use for AI training in the US was not announced even on the policy document.
TikTok
For all the updates mentioned in the following table with an advance notice, there was no opportunity given for an action/consent. The US entity establishment update was sent to users as an in-app notification, where they were asked to agree to the new terms.
| Timing → Medium ↓ | Advance notice (30 days or more) | Less than 30 days | No advance notice |
|---|---|---|---|
| Public announcement/press release | TikTok community guidelines: user safety, live streaming, AI content. Effective on Sep 13, 2025. Announced on Aug 14, 2025. | - | TikTok: establishment of separate US entity. Effective on Jan 23, 2026. |
| In app | TikTok community guidelines: user safety, live streaming, AI content. Effective on Sep 13, 2025. Announced on Aug 14, 2025. | - | TikTok: establishment of separate US entity. Effective on Jan 23, 2026. |
| TikTok community guidelines: user safety, live streaming, AI content. Effective on Sep 13, 2025. Announced on Aug 14, 2025. | - | - | |
| Terms and policies only | - | TikTok privacy policy: addition of TikTok Ad Network privacy policy. Effective on Nov 30, 2025. Announced on Nov 6, 2025. | TikTok developer terms: commercial content library access introduced. Effective on Dec 26, 2025. |
| No notification of changes | - | - | - |
Observations
TikTok’s update in its Community Guidelines was announced a month in advance through a public announcement, direct email, and in-app notification. Its Privacy Policy update was announced around 3 weeks before the effective date, but only through the policy document. In Jan 2026, TikTok established a separate US entity, which was announced with no prior notice by the platform. This update was communicated via a press release and an in-app notification. The Developer Terms update was again announced without advance notice and only through the policy document.
Conclusion
Mapping these examples reveals a classification framework comprising various degrees of timing; advance notice of more than 30 days, less than 30 days, and no advance notice, and types of communication channels; public announcement/press release, in-app notification, direct email, terms and policies document only, and no notification of change. This classification framework can be used to evaluate the transparency of platforms, provide empirical and quantified evidence of non-compliance with regulatory requirements, and support advocacy research on patterns related to data practices and jurisdictions.
The examples also illustrate that while platforms often issue advance notices for significant changes, these are rarely accompanied by requesting consent or offering an opt-out. The channels through which notifications are communicated also remain inconsistent with different timing across platforms. For instance, direct emails or in-app notifications are not connected to the impact of changes or to the urgency of communication.
Further work
This classification framework can be further detailed by collecting more data. Expanding the dataset to include more services over a longer period of time across more jurisdictions could provide further gradations in all the axes. In terms of methodology, notification evidence can also be captured by monitoring user-facing channels. This can be done by automated methods such as RSS feeds or manually by maintaining test accounts for each platform and making schedule checks for notifications and emails.
The observations from the tables lead to questions around the content of updates and how it is connected to disclosure. What are considered significant changes by platforms? How does significance or nature of changes dictate the timing, communication channels, and consent requests? And how does it correlate with regulatory compliance?
Annex
Details of each example and sources.
YouTube
YouTube privacy policy: using machine learning for age estimation
| Effective on | Aug 13, 2025 |
| Announced on | Jul 29, 2025 |
| No | |
| Public announcement | Yes |
| In-App | No |
| Opt-out | No |
| Sources | change.org, cnn.com, blog.youtube, abcnews.go.com |
YouTube paid service terms of service: access from country where the user signed up
| Effective on | Sep 26, 2025 |
| Announced on | Aug 12, 2025 |
| Yes (on Aug 22, 2025) | |
| Public announcement | No |
| In-App | No |
| Opt-out | No |
| Sources | securityonline.info, support.google.com, reddit.com |
YouTube content monetisation policy: “Repetitious content” renamed to “Inauthentic content”
| Effective on | Jul 15, 2025 |
| Announced on | Jul 2, 2025 |
| No | |
| Public announcement | No |
| In-App | No |
| Opt-out | No |
| Notes | Creators had to delete content that did not align with the updated policy before it was in effect, less time given. Clarifications for creators issued on Jul 11, 2025. |
| Sources | support.google.com, theverge.com, medium.com, support.google.com (creators) |
YouTube community guidelines: colloidal silver removed from list of harmful substances
| Effective on | Oct 9, 2025 |
| Announced on | - |
| No | |
| Public announcement | No |
| In-App | No |
| Opt-out | No |
| Sources | opentermsarchive.org |
Facebook privacy policy: Using interactions with AIs to personalize experiences and ads
| Effective on | Dec 16, 2025 |
| Announced on | Oct 7, 2025 |
| Yes | |
| Public announcement | Yes |
| In-App | Yes |
| Opt-out | No |
| Sources | about.fb.com |
Facebook copyrights claims policy: content protection feature for creators
| Effective on | Nov 18, 2025 |
| Announced on | - |
| No | |
| Public announcement | No, but blog announcement was made |
| In-App | Yes |
| Opt-out | No, but creators can apply if not already part of the rights manager system |
| Sources | socialmediatoday.com, creators.facebook.com |
Facebook community guidelines: removing accounts based on their interactions with violating accounts, Facebook, and groups
| Effective on | Sep 20, 2025 |
| Announced on | - |
| No | |
| Public announcement | No |
| In-App | No |
| Opt-out | No |
| Sources | opentermsarchive.org |
LinkedIn terms of service and privacy policy: data sharing with Microsoft
| Effective on | Nov 3, 2025 |
| Announced on | Sep 28, 2025 |
| Yes | |
| Public announcement | No, article in help centre |
| In-App | No |
| Opt-out | Yes (enabled by default) |
| Sources | linkedin.com, github.com |
LinkedIn community guidelines: ban on political ads
| Effective on | Oct 2, 2025 |
| Announced on | - |
| No | |
| Public announcement | No |
| In-App | No |
| Opt-out | No |
| Sources | opentermsarchive.org, github.com |
LinkedIn privacy policy: data use for AI training
| Effective on | Unclear |
| Announced on | - |
| No | |
| Public announcement | No |
| In-App | No |
| Opt-out | Yes (announced in Sep 2025) |
| Sources | linkedin.com, opentermsarchive.org |
TikTok
TikTok privacy policy: addition of TikTok Ad Network privacy policy
| Effective on | Nov 30, 2025 |
| Announced on | Nov 6, 2025 |
| No | |
| Public announcement | No |
| In-App | No |
| Opt-out | No |
| Sources | github.com |
TikTok developer terms: commercial content library access introduced
| Effective on | Dec 26, 2025 |
| Announced on | - |
| No | |
| Public announcement | No |
| In-App | No |
| Opt-out | No |
| Sources | github.com, opentermsarchive.org |
TikTok: establishment of separate US entity
| Effective on | Jan 23, 2026 |
| Announced on | - |
| No | |
| Public announcement | Yes |
| In-App | Yes |
| Opt-out | No, but asked to agree to new terms or will be unable to use the service |
| Notes | Deal in news since Dec, but no official advance public announcement from TikTok. Email sent to advertisers in late Jan. |
| Sources | opentermsarchive.org, theguardian.com, americanprogress.org, cnbc.com, adweek.com, newsroom.tiktok.com, cbsnews.com |
TikTok community guidelines: user safety, live streaming, AI content
| Effective on | Sep 13, 2025 |
| Announced on | Aug 14, 2025 |
| Yes (based on last paragraph of press release) | |
| Public announcement | Yes |
| In-App | Yes (based on last paragraph of press release) |
| Opt-out | No |
| Sources | tiktok.com, socialmediatoday.com, mashable.com, newsroom.tiktok.com |
Schaub, F., Balebako, R., Durity, A. L., Cranor, L. F., A Design Space for Effective Privacy Notices. USENIX Association (2015). https://www.usenix.org/system/files/conference/soups2015/soups15-paper-schaub.pdf; Flanagan, A. J., King, J., Warren, S. Redesigning Data Privacy: Reimagining Notice & Consent for human-technology interaction. World Economic Forum (2022). https://www3.weforum.org/docs/WEF_Redesigning_Data_Privacy_Report_2020.pdf; Kuznetsov, M., Novikova, E. & Kotenko, I. Modelling user notification scenarios in privacy policies. Cybersecurity 7, 41 (2024). https://doi.org/10.1186/s42400-024-00234-8 https://link.springer.com/article/10.1186/s42400-024-00234-8 ↩︎