This analysis describes what Roblox's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes the legal mechanism by which Roblox operationalizes cross-border data flows for non-U.S. users. Standard Contractual Clauses create contractual obligations between data exporters and importers to maintain protection standards equivalent to EU law, addressing jurisdictional gaps in data protection adequacy determinations.
The updated policy restricts personalized advertising based on age. Users under 18 will see only nonpersonalized ads on the platform, while users 18 and older may see personalized ads if they provide consent where required. The revised language also removes the previous statement that the platform collects personal information from under-13 accounts for advertising purposes, clarifying that such data is not used for marketing. Users 18 or older can control whether they see personalized ads through Roblox account settings.
View change record →The updated policy adds explicit language disclosing that Roblox collects persistent identifiers (IP addresses and unique device identifiers) from all users, including children, for purposes including account authentication, ad frequency capping, network communications, and security. The policy states Roblox implements technical, contractual, and other measures to ensure these identifiers are not used for purposes outside the listed scope. This represents a clarification and formalization of practices rather than a change to what data is collected, but it does establish contractual limits on how that data may be used. You can review the full updated Privacy Policy to understand which persistent identifiers are collected and the specific operational purposes for which they are retained.
View change record →The updated policy clarifies that parent email addresses constitute the only personal information collected from child accounts under COPPA, rather than listing persistent identifiers. The policy now states that personalized ads are not enabled until age 18, rather than leaving this ambiguous when a child turns 13. These clarifications affect how parents and children understand what data Roblox collects and when advertising becomes personalized; however, the underlying data practices do not appear to have changed operationally. The policy removed detailed descriptions of collection purposes (such as internal operations), which means parents now have less granular explanation of data uses, though stated practices remain.
View change record →Users located outside the United States operate under terms that authorize transfer of their personal information to U.S. and other international locations, with data protection facilitated through European Commission-approved contractual safeguards rather than adequacy determinations for destination countries.
How other platforms handle this
Where Zendesk transfers personal data outside of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure that your personal data receives an adequate level of pro...
If you are located in the European Economic Area, United Kingdom, or Switzerland, we transfer your personal data to the United States and other countries that may not provide the same level of data protection as your home country. We rely on Standard Contractual Clauses approved by the European Comm...
When we transfer personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not received an adequacy decision from the European Commission, we rely on appropriate transfer mechanisms such as the Standard Contractual Clauses (SCCs) approved by the E...
Monitoring
Roblox has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are located outside of the United States, your personal information may be transferred to and processed in the United States or other countries. We use Standard Contractual Clauses approved by the European Commission and other appropriate safeguards to transfer personal data from the EU/EEA and UK to countries that have not been deemed to provide an adequate level of data protection.— Excerpt from Roblox's Roblox Privacy and Cookie Policy
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes the legal mechanism by which Roblox operationalizes cross-border data flows for non-U.S. users. Standard Contractual Clauses create contractual obligations between data exporters and importers to maintain protection standards equivalent to EU law, addressing jurisdictional gaps in data protection adequacy determinations.
Users located outside the United States operate under terms that authorize transfer of their personal information to U.S. and other international locations, with data protection facilitated through European Commission-approved contractual safeguards rather than adequacy determinations for destination countries.
ConductAtlas has identified this type of provision across 6 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Roblox.