Disney Slapped with a Record $2.75M Fine for Privacy Law Breaches
The Walt Disney Company has been hit with a record $2.75 million fine, the largest ever under California’s landmark privacy law. This resolves allegations that the entertainment giant made it exceedingly difficult for consumers to opt out of having their personal data sold and shared.
California Attorney General Rob Bonta announced the settlement on Wednesday. He stated that Disney violated the California Consumer Privacy Act (CCPA) by failing to fully honor consumers’ opt-out requests across all devices and streaming services associated with their Disney accounts.
“Consumers shouldn’t have to go to infinity and beyond to assert their privacy rights,” Bonta said. “California’s nation-leading privacy law is clear: A consumer’s opt-out right applies wherever and however a business sells data—businesses can’t force people to go device-by-device or service-by-service.”
The investigation, which began with a January 2024 sweep of streaming services, found that Disney’s opt-out mechanisms were fragmented and incomplete. This allowed the company to continue selling and sharing consumer data even after explicit requests to stop. Under the settlement, Disney must:
- Implement comprehensive opt-out methods
- Fully stop the company’s sale or sharing of consumers’ personal information across all platforms
Disney defended its practices, stating it “continues to invest significant resources to set the standard for responsible and transparent data practices across our streaming services.” This settlement marks the seventh major CCPA enforcement action by California’s Attorney General.
Source: California Attorney General’s Office