Disney Just Got Hit With a Record-Breaking Fine—And It’s All About What They Did With Your Data

If you’ve ever streamed Disney+, Hulu, or ESPN+, you might want to pay attention to this. The Walt Disney Company just agreed to pay $2.75 million to settle allegations that it violated California’s consumer privacy laws—and it’s the largest privacy settlement in the state’s history.

The California Attorney General’s Office announced the settlement on Wednesday, February 11, 2026, following an investigation that started back in January 2024. According to the official announcement from the California Department of Justice, Disney failed to fully honor consumers’ requests to opt out of having their personal data sold or shared with third parties.

What Disney Did Wrong

Here’s where things get interesting. You know how companies are supposed to let you opt out of data sharing? Well, Disney technically offered that option—but it turns out their system was only doing part of the job.

When users tried to opt out through the toggles on Disney’s websites and apps, the company only applied those requests to the specific streaming service and device being used at that moment. If you were watching Disney+ on your phone and opted out, that didn’t automatically protect you when you switched to Hulu on your smart TV. You’d have to opt out all over again on each device and service.

It gets worse. Disney’s webform—the alternative method for opting out—only stopped data sharing through Disney’s own advertising platform. But it kept right on selling your data to third-party ad-tech companies whose tracking code was embedded in Disney’s sites and apps. Many connected TV apps didn’t even have in-app opt-out options, forcing consumers to use the limited webform instead.

And if you were using Global Privacy Control (GPC)—a privacy tool that’s supposed to automatically signal your opt-out preferences across the web? Disney restricted those requests to only the specific device you were using, even though you were logged into your account.

Why This Matters to Theme Park Fans

You might be wondering what this has to do with planning your next Disney World vacation. Well, if you’ve ever logged into your Disney account to book park tickets, make dining reservations, or use the My Disney Experience app, Disney has been collecting data about you. And based on this settlement, there’s a good chance your privacy preferences weren’t being fully honored across all the Disney digital properties you interact with.

Attorney General Rob Bonta put it bluntly: “Consumers shouldn’t have to go to infinity and beyond to assert their privacy rights.”

What Happens Now

Under the settlement, Disney must completely overhaul how it handles opt-out requests. Going forward, the company has to implement systems that actually stop the sale and sharing of your personal information across all devices and streaming services when you ask them to—not just some of them.

This case is part of a broader investigation into streaming services that California launched in 2024, so Disney may not be the only company in the hot seat. The state is still looking into other streaming platforms for similar violations.

The $2.75 million fine is the largest privacy penalty California has ever issued under the California Consumer Privacy Act (CCPA), sending a clear message to companies that half-hearted privacy protections won’t cut it anymore.

For Disney fans who regularly use the company’s apps and streaming services, this settlement should mean better control over your personal data. Whether you’re planning a trip to the parks or just binge-watching your favorite shows, you’ll hopefully have more confidence that when you say “don’t sell my data,” Disney will actually listen—on every device, every time.