McDonald's states that its websites and apps are not intended for children under 13 and that it will delete any data it discovers was collected from a child under that age.
This analysis describes what McDonald's's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
While this provision provides a baseline COPPA commitment, it relies on a reactive 'if we learn' standard rather than proactive age verification, which may leave gaps in practice for a brand with significant appeal to children.
Interpretive note: The 'not directed to children' standard under COPPA depends on a totality-of-circumstances analysis including the platform's content, advertising, and audience composition; the policy's assertion alone does not resolve whether the service meets this standard in practice.
Parents should be aware that McDonald's digital services are officially not designed for children under 13, but the policy does not describe proactive age-gating mechanisms, meaning parental oversight of children's use of the McDonald's app or website remains important.
How other platforms handle this
The Service is intended for general audiences and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your cons...
To access and use the Services, you must be at least the age of majority in the state, province, or territory where you live or at least 18 years of age. If you are under the age of 13, you may not use the Services and you should not be visiting the Sites or using the Services.
enableGpcSdk: true, gpcSetting: { privacyPolicyLink: '/Privacy-Security-Policy-a-282.html' }
Monitoring
McDonald's has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our online services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible.— Excerpt from McDonald's's McDonald's Privacy Policy
REGULATORY LANDSCAPE: This provision engages the Children's Online Privacy Protection Act, enforced by the Federal Trade Commission. COPPA applies to operators of websites or online services directed to children under 13 or that have actual knowledge they are collecting personal information from children under 13. The FTC has brought enforcement actions against companies whose services had significant child audiences even when not formally directed to children. GOVERNANCE EXPOSURE: Medium. McDonald's brand has significant appeal to children, which may create a factual basis for FTC scrutiny regarding whether its digital services are 'directed to children' under COPPA's mixed-audience standard. The policy's reliance on a reactive deletion approach rather than proactive age verification is a common industry approach but may warrant review given McDonald's consumer demographics. JURISDICTION FLAGS: COPPA applies nationally. Some states, including California under the Age-Appropriate Design Code Act, impose additional requirements for services likely to be accessed by minors, including design-level protections and data minimization obligations that go beyond COPPA's baseline. CONTRACT AND VENDOR IMPLICATIONS: Advertising partners receiving McDonald's consumer data should be contractually restricted from targeting known or likely minors. Any loyalty program or app feature accessible to minors should be assessed for compliance with both COPPA and state minor privacy laws. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether the McDonald's app and loyalty program effectively implement age-gating at registration, whether the platform's audience demographics trigger COPPA's mixed-audience provisions, and whether California's Age-Appropriate Design Code Act imposes additional obligations given the brand's appeal to younger users.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
While this provision provides a baseline COPPA commitment, it relies on a reactive 'if we learn' standard rather than proactive age verification, which may leave gaps in practice for a brand with significant appeal to children.
Parents should be aware that McDonald's digital services are officially not designed for children under 13, but the policy does not describe proactive age-gating mechanisms, meaning parental oversight of children's use of the McDonald's app or website remains important.
ConductAtlas has identified this type of provision across 10 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by McDonald's.