Practical examples of how to notify users about third-party data sharing

Real-world examples of how to notify users about third-party data sharing

When lawyers and product teams argue about privacy, they usually get stuck on the same question: How do we actually tell people what’s happening with their data? That’s where concrete examples of how to notify users about third-party data sharing become valuable. Instead of abstract theory, you need to see how clear notices look in real interfaces and real policies.

Below are practical patterns and best examples you can adapt. Each one includes:

• Context – where the notice appears
• What it explains – type of third-party sharing
• Sample wording – plain English you can customize

Throughout, I’ll flag where these align with guidance from regulators like the Federal Trade Commission (FTC) and data protection authorities.

Example of a sign-up screen disclosure for third-party data sharing

Sign-up is one of the most powerful places to be upfront. Users are already paying attention, and regulators increasingly expect clear notice before data collection and sharing.

Context: Account creation page for a subscription app.

What it explains: Sharing with payment processors, analytics, and email service providers.

Sample wording you might use:

“We use trusted third-party providers to process payments, send account emails, and understand how our app is used. When you create an account, we share limited personal data (such as your email, IP address, and payment details) with these partners only for these services. Learn more in our Third-Party Sharing section.”

This kind of wording reflects the FTC’s long-standing position that privacy notices must be clear and conspicuous and not buried in dense legalese. The FTC’s general privacy guidance emphasizes avoiding misleading omissions and making material terms prominent (ftc.gov).

Why this works as one of the best examples:

• It tells users who (third-party providers), what (limited personal data), and why (payments, emails, analytics).
• It links directly to a more detailed section—classic layered notice, which regulators like the European Data Protection Board encourage.

Banner example of how to notify users about third-party tracking and cookies

Cookie banners have evolved from annoying pop-ups to meaningful disclosures about third-party tracking. Done well, they are strong examples of examples of how to notify users about third-party data sharing in a very constrained space.

Context: First visit to a website using analytics, advertising cookies, and social media pixels.

What it explains: Third-party tracking for ads, analytics, and social features.

Sample banner text:

“We and selected partners use cookies and similar technologies to personalize content, measure traffic, and show relevant ads. This may involve sharing limited information with advertising, analytics, and social media partners. You can accept all cookies, reject non-essential cookies, or customize your choices. For details, see our Cookies & Third-Party Sharing Policy.”

This aligns with modern consent standards under laws like the GDPR and similar state privacy laws in the U.S. (for example, the California Consumer Privacy Act and its regulations, summarized at oag.ca.gov/privacy/ccpa).

Why this is a strong example of how to notify users about third-party data sharing:

• It clearly signals data sharing with partners in the first sentence.
• It offers real choices (accept, reject, customize) instead of a dark pattern.
• It points to a dedicated cookie and third-party sharing page for deeper detail.

In-app prompt example for new third-party integrations

Apps change over time. When you add a new third-party integration—say, a fraud detection tool or AI-based support bot—you should not quietly update the privacy policy and hope nobody notices. An in-app prompt can be one of the best examples of transparent behavior.

Context: Existing users logging in after you add a new fraud detection provider.

What it explains: New third-party sharing and the purpose behind it.

Sample in-app notice:

“We’ve updated how we protect your account.

To better detect suspicious activity, we now work with a specialized fraud detection partner. When you use your account, we may share device information, IP address, and limited usage data with this provider only to detect and prevent fraud. No direct marketing is based on this data.

You can review details in our updated Third-Party Sharing section. By continuing to use your account, you acknowledge this update. If you have questions, contact us at privacy@example.com.”

This kind of notice mirrors the expectation from regulators that material changes to data practices be highlighted, not hidden. The FTC has brought enforcement actions when companies expanded data sharing without adequate new notice or consent.

Why this stands out among real examples:

• It is timely (shown when the change happens).
• It is specific about the new third party and the limited purpose.
• It clarifies what will not happen (no marketing based on that data).

Layered privacy policy example of third-party data sharing language

Your privacy policy is still the backbone of your disclosures. But long, dense policies are useless if nobody can understand them. The best examples of modern policies use layered sections, clear headings, and tables.

Context: “Who We Share Your Information With” section of a privacy policy.

What it explains: Categories of third parties, purposes, and types of data.

Sample structure and wording:

Who we share your information with and why
We share your information with third parties only as described below:

• Service providers (processors): Companies that process data on our behalf, such as payment processors, cloud hosting providers, analytics vendors, and customer support tools. We share identifiers (like email and IP address), transaction data, and usage data so they can provide these services under contract.
• Advertising and marketing partners: With your consent where required by law, we share online identifiers, cookie data, and limited demographic information with advertising partners to measure performance and show relevant ads.
• Analytics partners: We use analytics tools to understand how our services are used. These partners receive pseudonymous usage data and device information.
• Legal, security, and regulatory recipients: We may share data with law enforcement, regulators, or legal advisors where required by law or to protect our rights.

For more detail and examples of how we work with specific third-party providers, see Appendix A – Third-Party Partners.

This approach reflects what many regulators and academics recommend: categorize third parties, explain purposes, and avoid vague phrases like “trusted partners” without context. For deeper policy design guidance, the National Institute of Standards and Technology (NIST) has useful privacy engineering resources at nist.gov/privacy-engineering.

Email notice example of how to notify users about expanded third-party data sharing

When you change how you share data, an email notice can be a strong signal of good faith. It also helps defend against claims that users were never informed.

Context: Updating your privacy policy to add a new analytics partner and expand cross-device tracking.

What it explains: Material changes to third-party sharing and user options.

Sample email text:

Subject: We’ve updated how we work with analytics partners

We’ve updated our Privacy Policy to explain new ways we use analytics to improve our services.

What’s changing
We now work with additional third-party analytics providers to better understand how users navigate our site and apps across different devices. This may involve sharing pseudonymous identifiers, device information, and usage data with these partners.

What stays the same

• We do not sell your personal information.
• We do not allow analytics partners to use your data for their own marketing.

You can opt out of analytics cookies at any time in our Privacy Center. The updated policy will take effect on March 1, 2025. You can review the full policy here.

Why this ranks among the best examples of how to notify users about third-party data sharing:

• It distinguishes what’s changing from what stays the same.
• It mentions effective date, which regulators often look for.
• It offers a concrete control (opt out) and links to the full policy.

Mobile app store listing example of third-party data sharing disclosure

App stores now require more transparency up front. Google Play and Apple’s App Store both ask developers to declare how they collect and share data. That makes app store listings another channel where you need clear examples of how to notify users about third-party data sharing.

Context: App Store “App Privacy” or Google Play “Data safety” section.

What it explains: Categories of data shared and purposes.

Sample short-form disclosure:

Data shared with third parties
We share the following data types with third-party service providers:

• Contact info (email): Shared with our email provider to send account updates and security alerts.
• Identifiers (device ID, IP address): Shared with analytics providers to understand app performance.
• Purchase history: Shared with payment processors to complete transactions and manage refunds.

We do not share your data with third parties for their independent advertising or data brokerage.

Apple and Google provide their own taxonomies and requirements, so your wording should mirror those frameworks. But the principle is the same: be specific about what is shared and why.

Just-in-time example of how to notify users about third-party AI tools

A newer trend for 2024–2025: apps quietly sending user data to third-party AI or large language model providers. That’s a fast way to invite regulatory scrutiny if you don’t disclose it properly.

Context: User opens a new “AI assistant” feature inside your product.

What it explains: Sharing user input with a third-party AI provider, retention, and controls.

Sample just-in-time notice:

“This feature is powered by a third-party AI service. When you use it, your prompts and related content may be sent to this provider to generate responses. We require our provider to use your data only to deliver this feature and not to train models for other customers. We retain AI-related data for up to 30 days to monitor for abuse.

You can turn this feature off at any time in Settings > Privacy > AI Features. Learn more in our AI & Third-Party Sharing FAQ.”

Why this is one of the more important real examples in 2025:

• It addresses who gets the data (third-party AI service), how they can use it, and how long it’s retained.
• It provides a clear off switch and a link to more detail.
• It anticipates user concerns about model training and explains the limits.

Design tips drawn from the best examples of notifications

Looking across these examples of how to notify users about third-party data sharing, some patterns show up again and again in the best implementations:

• Use plain language. Replace “disclose to third parties for the purpose of facilitating services” with “share with companies that help us run our business, like payment processors and email providers.” Research from organizations like the National Institutes of Health shows that plain language improves understanding across reading levels (nih.gov/health-information).
• Name categories, not just “partners.” Users deserve to know if “partners” means cloud hosting providers, ad networks, or data brokers.
• Explain benefits and risks. You don’t need scare tactics, but you should be honest that sharing with advertising partners means users may see personalized ads.
• Offer real controls where possible. Opt-outs for analytics cookies, settings for AI features, or toggles for marketing emails all build trust.
• Use layered notices. Short summaries (banners, prompts) linked to detailed sections or FAQs are more readable and more likely to be considered fair by regulators.

These design principles turn abstract compliance into practical, defensible UX.

FAQ: short examples of how to notify users about third-party data sharing

Q1. Can you give a quick example of a one-sentence third-party sharing notice?
A simple example of a short notice is: “We share your information with third-party service providers who help us process payments, deliver emails, and analyze usage, and we require them to protect your data and use it only for these services.” This kind of sentence can appear near a sign-up button or in a checkout flow.

Q2. What are good examples of disclosures for advertising partners?
Strong examples include wording like: “With your consent, we share cookie identifiers and limited demographic information with advertising partners so we can measure campaigns and show relevant ads. You can change your ad settings at any time in our Privacy Center.” The key is to name the type of data, the purpose, and the control.

Q3. Do I need separate examples of notifications for cookies and for other third-party tools?
Often, yes. Cookies and online trackers are usually handled in a Cookie Policy or banner, while other third-party tools (payment processors, cloud hosting, AI providers) are better explained in the main Privacy Policy and just-in-time notices. Many organizations use a combination of cookie banners, in-app prompts, and email updates to cover different types of third-party data sharing.

Q4. Are there examples of regulators explaining how they expect third-party sharing to be disclosed?
Yes. The California Attorney General’s office offers CCPA guidance and enforcement examples that touch on third-party disclosures (oag.ca.gov/privacy/ccpa). The FTC also publishes enforcement actions and business guidance that show what they consider misleading or inadequate disclosures. Reviewing these real examples can help you stress-test your own notices.

Q5. How often should I update my examples of how to notify users about third-party data sharing?
Any time you add a new category of third party, change how data is used, or expand cross-site or cross-device tracking, you should revisit your language. At least once a year, do a full review: compare your actual third-party vendors and data flows to what your policy and prompts say. If they don’t match, your notifications—and your examples of disclosures—need an update.

If you treat these examples of examples of how to notify users about third-party data sharing as templates, not scripts, you’ll end up with notices that fit your product, respect your users, and stand a far better chance of satisfying regulators.