What are the institutional and regulatory implications of this document?

(1) REGULATORY EXPOSURE: This policy implicates GDPR Arts. 5, 6, 9, 13, and 17 (EU/EEA users; enforced by relevant Data Protection Authorities including the Irish DPC as Disney's EU lead supervisory authority); CCPA §1798.100 and CPRA amendments (California residents; enforced by the California Privacy Protection Agency and California AG); COPPA 16 CFR Part 312 (users under 13; enforced by the FTC); the UK GDPR and Data Protection Act 2018 (UK users; enforced by the ICO); and potentially the FT…

How does Disney+'s Disney+ Privacy Policy affect users?

Disney+ collects an extensive range of personal data — including your viewing history, location, device identifiers, voice data, and purchase records — and shares it across all Walt Disney Family of Companies brands as well as external advertising, analytics, and social media partners. Privacy choices you make on third-party platforms (like your Apple or Google privacy settings) do not apply to Disney's own data collection, meaning your data may be used for targeted advertising even if you have…

How often is Disney+'s Disney+ Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Disney+ updates this document?

Yes. Watcher subscribers ($9.99/month) can add Disney+ to their watchlist and receive same-day email alerts whenever this document or any other Disney+ document changes.

Disney+ Privacy Policy — Disney+

8 Total

5 High severity

3 Medium severity

0 Low severity

Summary

This is Disney+'s privacy policy, which explains what personal information Disney collects about you — including your viewing history, location, device data, voice recordings, and purchase history — and how it shares that information across all Disney brands and with third-party advertisers. The most important thing to know is that Disney shares your personal data across the entire Walt Disney Family of Companies and with external advertising and analytics partners, meaning your Disney+ streaming behavior can influence ads you see across Disney's many other properties. You can visit https://privacychoices.thewaltdisneycompany.com/ to manage your communication and data-sharing preferences.

Technical Summary

This document is Disney+'s global privacy policy, governed by applicable law in each jurisdiction where The Walt Disney Family of Companies operates, covering data processing across digital platforms, physical properties (theme parks, stores, cruise ships), and third-party applications. The policy obligates Disney to collect, use, and share a broad range of personal information — including registration data, transaction records, location data, device identifiers, viewing history, voice data, and biometric-adjacent information — for purposes spanning service delivery, targeted advertising, analytics, and cross-brand profiling within the Walt Disney Family of Companies. Notably, the policy permits data sharing with a wide array of third parties including advertisers, data analytics providers, co-branded partners, and social media platforms, and explicitly states that privacy choices made on third-party platforms do not carry over to Disney's own data collection, creating a material gap in user consent expectations. The policy engages GDPR (EU/EEA users), CCPA/CPRA (California residents), COPPA (users under 13), and various other regional frameworks, with Disney's OneTrust-based consent management system serving as the primary compliance mechanism. Material compliance considerations include the breadth of the Walt Disney Family of Companies data-sharing network, the collection of sensitive data categories (voice, location, viewing behavior), and the cross-context behavioral advertising practices that may require opt-out mechanisms under CPRA and similar state laws.

Evidence Provenance

Captured April 22, 2026 06:03 UTC

Document ID CA-D-000082

Version ID CA-V-000878

Source URL https://www.disneyplus.com/legal/privacy-policy

Wayback Machine View archived versions →

SHA-256 ef85f3b0ec943b1ac85f6c134be4b8c3ade425a748647c09450d73d23e6d243c

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 22, 2026 — Document updated medium

Disney+ replaced what appeared to be a basic subscription landing page with a comprehensive privacy policy on April 22, 2026. The new document explains in detail how Disney+ collects, uses, and shares your personal information across its digital services, physical properties, and third-party platforms. This matters because you now have much clearer information about your data rights and how your information may be shared with or collected by third parties.

64 added · 11 modified
View diff → View full record →
ef85f3b0…
March 16, 2026 — Initial capture

Initial snapshot — monitoring begins

827bb44f…

View full version history (0 captures) →

Analyzed Changes

1 change analyzed since monitoring began.

Updated April 22, 2026

medium

What changed Disney+ updated their Disney+ Privacy Policy on April 22, 2026. Change detected: 64 sentence(s) added, 11 sentence(s) modified. Document contained 75 sentences after update.

Consumer impact Disney+ has replaced a minimal subscription page with a full privacy policy that details how your personal data is collected across streaming, physical locations like theme parks and cruise ships, and third-party platforms. Importantly, the policy clarifies that when you use Disney+ through a third-party app or platform, that third party collects data under its own privacy rules — not Disney's. You can review the full privacy policy at Disney+ and check your privacy settings on any third-party platform you use to access Disney+ to understand how your data is handled there.

Why it matters The new policy significantly expands the disclosed scope of data collection beyond streaming activity to include physical Disney properties and third-party platforms, meaning your data may be collected and used in more contexts than you previously understood. Understanding these distinctions is important for making informed choices about how and where you interact with Disney services.

Recent Clause-Level Changes Apr 22, 2026

1 provision unchanged.

View full change record →

High Severity — 5 provisions

Cross-Brand Data Sharing within Walt Disney Family of Companies

Your personal data is shared across all Disney brands — including ESPN, Hulu, Disney parks, and Disney stores — not just Disney+, as multiple Disney entities act as data controllers over your information.

Added April 27, 2026
Third-Party Platform Privacy Choices Not Applicable

If you have opted out of tracking on Apple, Google, or another platform, those choices do not stop Disney from collecting your data through its own apps — Disney only respects privacy choices you make directly with Disney.

Added April 27, 2026
Broad Categories of Personal Data Collected

Disney+ collects a wide range of your personal details when you sign up, make purchases, or contact customer support, including your name, date of birth, email, gender, and payment information.

Added April 27, 2026
Children's Privacy and COPPA Compliance

Disney+ collects date of birth and other personal details at registration, which is relevant to how it handles accounts belonging to children under 13 under COPPA rules.

Added April 27, 2026
Targeted Advertising Data Use and Third-Party Sharing

Disney uses your personal information — including viewing history, device data, and behavioral data — to serve you targeted advertisements and shares this data with third-party advertising partners and analytics providers.

Added April 27, 2026

Medium Severity — 3 provisions

Responsibility for Third-Party Sites and Applications

When you click links from Disney+ to other websites, Disney is not responsible for how those sites collect or use your personal information — you need to read their privacy policies separately.

Added April 27, 2026
OneTrust Consent Management Integration

Disney+ uses OneTrust to manage your cookie and tracking consent, with separate categories for analytics, functional, targeted advertising, and social media cookies.

Added April 27, 2026
California Residents' Privacy Rights (CCPA/CPRA)

California residents and users in other US states with privacy laws have specific rights regarding their personal information held by Disney, including rights to know, delete, correct, and opt out of data sale or sharing.

Added April 27, 2026