The policy authorizes sharing of device identifiers or hashed email addresses with third-party advertising partners to deliver and measure targeted advertising both on Disney's own platforms and on external third-party sites and applications.
This analysis describes what Disney+'s agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes a data sharing mechanism that extends beyond Disney's own platforms to third-party advertising ecosystems, using identifiers and hashed email addresses as linkage data. Under California law, this type of sharing may constitute a 'sale' or 'sharing' of personal information for cross-context behavioral advertising purposes, which triggers CCPA opt-out rights.
Under this clause, device identifiers or hashed email addresses may be transmitted to third-party advertising partners to enable targeted advertising based on user activity, both on Disney properties and on non-Disney websites and applications. Users can opt out of this data sharing through the 'Do Not Sell or Share My Personal Information' link in Disney website footers or app settings.
Cross-platform context
See how other platforms handle Targeted Advertising via Identifier and Hashed Email Sharing and similar clauses.
Compare across platforms →Monitoring
Disney+ has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"When we provide you with relevant advertising on third-party sites and applications, we may share limited personal information about you, such as certain identifiers or hashed email address, with third parties. We may also share such information to provide you with and to measure relevant third-party advertising on our sites and applications.— Excerpt from Disney+'s Walt Disney Company Privacy Policy
1) REGULATORY LANDSCAPE: This provision engages CCPA's definitions of 'sharing' for cross-context behavioral advertising for California residents, GDPR's consent and legitimate interest requirements for EU and UK users in the context of third-party cookie and identifier-based advertising, and FTC Act Section 5 regarding unfair or deceptive advertising data practices. The EU ePrivacy Directive may also apply to identifier-based tracking technologies. 2) GOVERNANCE EXPOSURE: High. Sharing hashed email addresses and device identifiers with third-party advertising partners constitutes 'sharing' under CCPA as amended by CPRA, triggering opt-out obligations. The policy discloses an opt-out mechanism, which addresses this requirement, but the adequacy of that mechanism requires operational verification. 3) JURISDICTION FLAGS: California residents have a statutory opt-out right for this category of data sharing. EU and UK users require a valid legal basis, typically consent, for identifier-based third-party advertising data flows. Illinois residents should note that if device-derived biometric identifiers are implicated, BIPA considerations may arise, though this document does not explicitly address biometric data in the advertising context. 4) CONTRACT AND VENDOR IMPLICATIONS: The reference to third-party advertising partners receiving identifiers or hashed email addresses creates a vendor assessment obligation for organizations managing advertising spend or co-marketing arrangements with Disney. The policy does not name the specific advertising technology partners receiving this data. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the opt-out mechanism linked in website footers and application settings is operationally effective and applies across all Disney-branded properties. Data mapping should identify which third-party advertising partners receive identifiers or hashed emails, under what contractual terms, and whether those terms satisfy GDPR processor or controller requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes a data sharing mechanism that extends beyond Disney's own platforms to third-party advertising ecosystems, using identifiers and hashed email addresses as linkage data. Under California law, this type of sharing may constitute a 'sale' or 'sharing' of personal information for cross-context behavioral advertising purposes, which triggers CCPA opt-out rights.
Under this clause, device identifiers or hashed email addresses may be transmitted to third-party advertising partners to enable targeted advertising based on user activity, both on Disney properties and on non-Disney websites and applications. Users can opt out of this data sharing through the 'Do Not Sell or Share My Personal Information' link in Disney website footers or app settings.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Disney+.