Disney+ · Disney+ Privacy Policy

Cross-Brand Data Sharing within Walt Disney Family of Companies

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Your personal data is shared across all Disney brands — including ESPN, Hulu, Disney parks, and Disney stores — not just Disney+, as multiple Disney entities act as data controllers over your information.

Consumer impact (what this means for users)

Your streaming viewing history, location data, and personal details collected on Disney+ can be accessed and used by other Disney brands and subsidiaries for targeted advertising and profiling, significantly expanding the scope of data use beyond your Disney+ subscription.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Opt Out of Arbitration
    Visit https://privacychoices.thewaltdisneycompany.com/ and select your data sharing preferences to limit how your information is shared across Disney brands.

Cross-platform context

See how other platforms handle Cross-Brand Data Sharing within Walt Disney Family of Companies and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This means your Disney+ viewing habits, account details, and purchase history can be used across the entire Disney empire for marketing, analytics, and advertising purposes beyond what most users would expect from a streaming service.

View original clause language
When you visit, shop, or create an account with us, or use sites and applications, your information is controlled by a member of The Walt Disney Family of Companies. The list of relevant data controllers can be found here.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: This provision implicates GDPR Art. 26 (joint controllers), Art. 13 (transparency obligations), and Art. 6 (lawful basis for processing) for EU/EEA users, enforced by the Irish Data Protection Commission as Disney's lead EU supervisory authority. Under CCPA/CPRA §1798.140, sharing data between affiliated entities for cross-context behavioral advertising may qualify as 'sharing' personal information, triggering opt-out rights under §1798.120, enforced by the California Privacy Protection Agency. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has authority under Section 5 of the FTC Act to regulate unfair or deceptive data sharing practices, including inadequately disclosed intra-corporate data transfers used for targeted advertising.
    File a complaint →
  • State AG
    California residents can report violations of CCPA/CPRA opt-out rights related to cross-affiliate data sharing to the California Attorney General or California Privacy Protection Agency.
    File a complaint →

Provision details

Document information
Document
Disney+ Privacy Policy
Entity
Disney+
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003350
Document ID
CA-D-00082
Evidence Provenance
Source URL
https://www.disneyplus.com/legal/privacy-policy
Wayback Machine
View archived versions →
SHA-256
4f1f2a11a74a794c334528c41797e6e7f43e12c1fd0ba95f008d7b0189989ec1
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Disney+ | Document: Disney+ Privacy Policy | Record: CA-P-003350
Captured: 2026-04-27 12:06:39 UTC | SHA-256: 4f1f2a11a74a794c…
URL: https://conductatlas.com/platform/disney/disney-privacy-policy/cross-brand-data-sharing-within-walt-disney-family-of-companies/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document