McDonald's states that its websites and apps are not intended for children under 13 and that it will delete any data it discovers was collected from a child under that age.
This analysis describes what McDonald's's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
While this provision provides a baseline COPPA commitment, it relies on a reactive 'if we learn' standard rather than proactive age verification, which may leave gaps in practice for a brand with significant appeal to children.
Interpretive note: The 'not directed to children' standard under COPPA depends on a totality-of-circumstances analysis including the platform's content, advertising, and audience composition; the policy's assertion alone does not resolve whether the service meets this standard in practice.
Parents should be aware that McDonald's digital services are officially not designed for children under 13, but the policy does not describe proactive age-gating mechanisms, meaning parental oversight of children's use of the McDonald's app or website remains important.
How other platforms handle this
Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under the age of 13 without parental consent. If we become aware that we have collected personal information from a child under the age of 13 without parental consent, we wil...
Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete such information. In some juris...
The Waze App is not intended for use by children. We do not knowingly collect personal information from children under the age of 13 (or the applicable age of digital consent in your jurisdiction, which may be higher, such as 16 in certain EU member states). If we become aware that we have collected...
Monitoring
McDonald's has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Our online services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible.— Excerpt from McDonald's's McDonald's Privacy Policy
REGULATORY LANDSCAPE: This provision engages the Children's Online Privacy Protection Act, enforced by the Federal Trade Commission. COPPA applies to operators of websites or online services directed to children under 13 or that have actual knowledge they are collecting personal information from children under 13. The FTC has brought enforcement actions against companies whose services had significant child audiences even when not formally directed to children. GOVERNANCE EXPOSURE: Medium. McDonald's brand has significant appeal to children, which may create a factual basis for FTC scrutiny regarding whether its digital services are 'directed to children' under COPPA's mixed-audience standard. The policy's reliance on a reactive deletion approach rather than proactive age verification is a common industry approach but may warrant review given McDonald's consumer demographics. JURISDICTION FLAGS: COPPA applies nationally. Some states, including California under the Age-Appropriate Design Code Act, impose additional requirements for services likely to be accessed by minors, including design-level protections and data minimization obligations that go beyond COPPA's baseline. CONTRACT AND VENDOR IMPLICATIONS: Advertising partners receiving McDonald's consumer data should be contractually restricted from targeting known or likely minors. Any loyalty program or app feature accessible to minors should be assessed for compliance with both COPPA and state minor privacy laws. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether the McDonald's app and loyalty program effectively implement age-gating at registration, whether the platform's audience demographics trigger COPPA's mixed-audience provisions, and whether California's Age-Appropriate Design Code Act imposes additional obligations given the brand's appeal to younger users.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
While this provision provides a baseline COPPA commitment, it relies on a reactive 'if we learn' standard rather than proactive age verification, which may leave gaps in practice for a brand with significant appeal to children.
Parents should be aware that McDonald's digital services are officially not designed for children under 13, but the policy does not describe proactive age-gating mechanisms, meaning parental oversight of children's use of the McDonald's app or website remains important.
ConductAtlas has identified this type of provision across 10 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by McDonald's.