Disney collects a very wide range of information about you, including identifiers, device data, payment details, your precise location, what you watch and read, inferences about your interests, voice recordings, and in some contexts biometric and health data.
This analysis describes what Disney+'s agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The breadth of data categories collected across all Disney services means that activity on one platform can be linked to your profile on others, building a detailed picture of your preferences, habits, and household.
Interpretive note: The scope and lawful basis for collecting sensitive categories such as biometric and health data may vary significantly by jurisdiction and the specific Disney service involved; not all categories may be collected across all services.
Your viewing habits on Disney+, location data, device identifiers, and inferred interests can all be collected and combined into a profile used for advertising and personalization across Disney's entire portfolio of services.
How other platforms handle this
We collect information you provide directly to us, such as when you create an account, contact us for support, sign up for marketing emails, or otherwise communicate with us. The types of information we may collect include your name, email address, postal address, phone number, company name, job tit...
We collect information you provide directly to us, such as when you create an account, use our Services, make a purchase, or contact us for support. The types of information we may collect include your name, email address, password, phone number, credit card and other payment information, and any ot...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Disney+ has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect a variety of information about you and your use of our Services. This includes: Identifiers and Contact Information ... Device, Network and Technical Information ... Payment Information ... Location Information ... Viewing, Reading and Listening Data ... Inferences ... Voice, Audio and Visual Information ... Biometric Information ... Physical Activity Data ... Health and Medical Information ... Financial Information— Excerpt from Disney+'s Disney Privacy Policy
REGULATORY LANDSCAPE: The collection of sensitive data categories including biometric information, health data, precise geolocation, and voice recordings implicates GDPR Article 9 (special categories of data) for EU/EEA users, CPRA's expanded sensitive personal information protections for California residents, COPPA for any data collected from children under 13, and potentially Illinois BIPA for biometric data depending on the collection context and user location. The FTC holds primary federal enforcement authority; state AGs and EU/UK data protection authorities also have jurisdiction. Where the policy asserts collection of biometric and health data, applicable law may require explicit consent or impose heightened obligations beyond what the policy's general consent framework provides. GOVERNANCE EXPOSURE: High. The policy discloses collection of categories that trigger heightened legal obligations in multiple jurisdictions simultaneously, including biometric data (Illinois BIPA), health data (HIPAA does not apply but CPRA and GDPR do), and children's data (COPPA). The combination of these categories across a single account creates complex multi-jurisdictional compliance obligations. JURISDICTION FLAGS: California residents are protected by CPRA's sensitive personal information framework, which grants opt-out and limitation rights for precise geolocation, biometric, and health data. EU/EEA users require explicit consent or another GDPR-compliant legal basis for special category data. Illinois users may have BIPA claims if biometric identifiers are collected without proper notice and consent. Minors across all US jurisdictions are protected by COPPA. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams integrating with Disney's data ecosystem should verify that data processing agreements cover all categories listed in this policy, particularly sensitive categories. Vendors receiving inferred or derived data should assess whether such data constitutes personal information under applicable law and whether appropriate data processing agreements are in place. COMPLIANCE CONSIDERATIONS: Legal teams should map each disclosed data category to a documented lawful basis under GDPR; audit whether consent mechanisms for sensitive categories meet the higher GDPR standard of explicit consent; verify that CPRA's sensitive personal information opt-out and limitation rights are technically implemented; and confirm that biometric data collection, if implemented, complies with Illinois BIPA notice and consent requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The breadth of data categories collected across all Disney services means that activity on one platform can be linked to your profile on others, building a detailed picture of your preferences, habits, and household.
Your viewing habits on Disney+, location data, device identifiers, and inferred interests can all be collected and combined into a profile used for advertising and personalization across Disney's entire portfolio of services.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Disney+.