California has reached the highest recorded settlement in history based on the state’s data privacy law, requiring Disney to pay $2.75 million and adjust its data processing practices.
According to California’s Attorney General Rob Bonta, on February 11th, a settlement was reached regarding allegations that Disney violated the California Consumer Privacy Act (CCPA). The company was accused of not fully honoring requests from users to stop selling or sharing their personal information.
The investigation in California found that Disney did not completely respect requests to stop selling or sharing personal data across all devices and streaming services associated with consumer accounts.
Bonta stated, “Companies cannot force people to manipulate multiple devices, repeatedly change service settings. In California, requesting companies to stop selling personal data should not become complicated or cumbersome.” Under the terms of the settlement, Disney agreed to pay a $2.75 million civil penalty and establish an opt-out mechanism to permanently prevent the sale or sharing of consumer personal information.
The Epoch Times has contacted Disney for comments, but as of the time of publication, no response has been received.
The California government indicated that the investigation into Disney stemmed from a comprehensive investigative action against streaming service platforms in January 2024 to audit potential CCPA violations.
Investigators found that even if users were logged into their Disney accounts, the company’s processes did not allow them to opt-out of all data sales or sharing at once. This meant that users’ data could still be sold or shared via other devices or services connected to the same account.
The state government believes that the several opt-out methods provided by Disney have flaws. Additionally, Disney did not offer a direct opt-out option in many internet television streaming applications, instead redirecting users to a web form, preventing users from stopping data sales or sharing within those applications.
Even if users used the “Global Privacy Control” (GPC) – described by the California government as a simple and easy-to-use “stop selling or sharing my data switch” available in some browsers or extensions – and were logged into their accounts, Disney only restricted that request to the device currently in use.
The CCPA grants residents the right to understand how companies collect, share, and disclose their personal information, and allows consumers to request companies to stop selling or sharing that data.
The Attorney General’s Office stated that the settlement announced on Wednesday is the 7th enforcement action since the implementation of the CCPA.
Bonta had previously announced settlements with several companies, including Sephora, DoorDash, Jam City, Sling TV, Healthline.com, and Tilting Point Media.
The Department of Justice noted that investigations have been launched into areas such as location data, streaming applications and devices, employee information, and surveillance-based pricing (where companies collect personal information to differentially price consumers) to ensure companies comply with regulations.
Bonta posted on X platform on February 11, stating, “Consumers should not have to go to great lengths to protect their privacy rights.”