Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Disney's privacy framework across all company services, including Disney+ streaming, theme parks, e-commerce, and affiliated platforms, detailing categories of personal data collected and permitted uses. The policy authorizes collection of viewing history, precise location data, device identifiers, voice data, payment information, and derived interest inferences, with provisions permitting use for targeted advertising and sharing with affiliates and business partners. The document establishes data subject rights for California residents and EU users, including access, deletion, and opt-out mechanisms for data sales and sharing, exercisable through Disney's Privacy Rights Center.
This document is The Walt Disney Company's global Privacy Policy, governing data collection, use, sharing, and consumer rights across Disney's portfolio of digital and physical services including Disney+, ESPN+, Hulu, parks, merchandise, and third-party integrations, with consent and legitimate interest cited as legal bases depending on jurisdiction. The policy states that Disney collects a broad range of personal information including identifiers, device and usage data, precise geolocation, payment information, demographic data, inferences drawn from activity, voice and audio data, and information derived from connected devices and third-party sources; the terms authorize sharing of this information with affiliates, business partners, service providers, and in certain jurisdictions, third parties in ways that may constitute a 'sale' or 'sharing' under applicable state law. The policy's cross-contextual advertising provisions, inference-drawing from viewing and interaction data, and collection of children's information through family account structures are operationally significant; the document states that Disney does not knowingly collect personal information from children under 13 without verifiable parental consent, though the policy governs services used by families with children and the actual implementation of age-gating and parental consent mechanisms requires independent verification. The policy engages GDPR for EU/EEA users, CCPA and CPRA for California residents, COPPA for child-directed services, and references compliance frameworks for Brazil (LGPD), Canada, and other jurisdictions; enforcement authority is distributed across the FTC at the federal level, state attorneys general, and EU data protection authorities depending on the user's location and the specific data practice at issue. Material compliance considerations include the adequacy of consent mechanisms for sensitive data categories, the completeness of data subject rights fulfillment infrastructure, the accuracy of data retention disclosures, and whether cross-border data transfer mechanisms are current and documented.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Disney+ has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Children's Privacy and COPPA Compliance and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.