McDonald's shares your personal data, including contact information and order history, with independently owned and operated franchise restaurants for order fulfillment, account management, and marketing.
This analysis describes what McDonald's's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Because McDonald's franchisees are independent business operators rather than direct McDonald's employees, data shared with them may be subject to different privacy practices and accountability structures than data retained by McDonald's corporate.
Interpretive note: The policy does not clarify whether franchisees are treated as service providers subject to data use restrictions or as independent businesses for purposes of CCPA/CPRA, creating ambiguity about the legal basis for this data sharing.
Your personal information including contact details and purchase history may be shared with the franchise owner of your local McDonald's, who operates as an independent business, for marketing purposes beyond just completing your order.
How other platforms handle this
We may share your information with third-party advertising partners to provide you with targeted advertising. We also work with third-party analytics providers who help us understand how users interact with our Services. These third parties may use cookies, web beacons, and similar tracking technolo...
We process personal data you provide to Oura to enable third party integrations, services, features, and offerings. For example, with your permission, our Services may integrate with third-party services like Google Health Connect and Apple HealthKit, or those of our partners. Oura takes measures to...
Creators: when you subscribe to a Creator's publication, we provide them the information necessary (including your name and email address) to provide you their publication(s). Please note that Creators control their own publications; accordingly, when you interact with a Creator's publication in a w...
Monitoring
McDonald's has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share your personal information with McDonald's franchisees, including to fulfill your order, manage your account, and for marketing purposes.— Excerpt from McDonald's's McDonald's Privacy Policy
REGULATORY LANDSCAPE: The sharing of personal information with franchisees for marketing purposes engages CCPA/CPRA disclosure requirements, as franchisees may constitute separate 'businesses' under California law to which standard service provider restrictions may not automatically apply. The FTC Act's deceptive practices provisions are also relevant if consumers do not reasonably expect their data to flow to independent franchise operators for marketing. GOVERNANCE EXPOSURE: Medium. The policy's authorization to share personal data with franchisees for marketing purposes raises questions about whether adequate data processing agreements exist with each franchisee and whether those agreements impose appropriate data use limitations consistent with McDonald's privacy commitments to consumers. JURISDICTION FLAGS: California's CPRA requires that businesses disclose all categories of third parties with whom personal information is shared. Where franchisees are treated as independent businesses rather than service providers or contractors, additional disclosure obligations may apply. This analysis is jurisdiction-dependent and may vary under other state privacy laws. CONTRACT AND VENDOR IMPLICATIONS: Franchisee agreements should include data processing terms that bind franchisees to McDonald's stated privacy commitments and applicable legal requirements. Without such contractual controls, the corporate policy's protections may not extend to how franchisees actually handle consumer data received from McDonald's. COMPLIANCE CONSIDERATIONS: Compliance teams should map which data categories flow to franchisees, under what legal basis, and whether franchisee data handling practices have been audited for consistency with this policy. The marketing use authorization should be assessed against opt-out rights honored at the corporate level to confirm that consumer opt-outs propagate to franchisee marketing activities.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Because McDonald's franchisees are independent business operators rather than direct McDonald's employees, data shared with them may be subject to different privacy practices and accountability structures than data retained by McDonald's corporate.
Your personal information including contact details and purchase history may be shared with the franchise owner of your local McDonald's, who operates as an independent business, for marketing purposes beyond just completing your order.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by McDonald's.