Digital Magic in the World of Disney

By:  Soniya Shah

It’s the happiest place on Earth. Until a data breach breaks the magic. Walt Disney was a pioneer of the future and all that it would bring. When designing Tomorrowland in Disney’s Magic Kingdom, engineers channeled the optimism Walt Disney felt for the future. With all his hope for the future of technology, it is hard to imagine Disney predicting data breaches. And yet that’s exactly what’s happened.

Disney has experienced hacks ranging from unauthorized access into Playdom, an interactive game forum, to a stolen Pirates of the Caribbean installment.

Walt Disney World remains one of the world’s largest tourist attractions. There are four theme parks, more than 20 resort hotels, and an internal transportation system with ferries, buses, and a monorail. The Disney MagicBand is an all-access pass that serves as guests’ room keys, park passes, fast passes, dining cards, and more. The bands are lightweight and made of rubber. They track your movements throughout the park, communicating with beacons via RFID technology, using radio signals to communicate.

The MagicBands are great for the Disney business model. They allow Disney to see where guests are located in the park, which means they can strategically place vendors and create walking paths that optimize what they anticipate guests will want. If you use your MagicBand to purchase food or souvenirs, they can track that too. Plus, the bands are personalized, which means you can’t accidentally put on your partner’s band.  

The bands contain two radios, and one of them is standard RFID. The RFID tags only work when within a few inches of the receiver, so you have to tap the band for it to work. The active transmitter in the band can be read throughout the parks, allowing Disney to track users throughout the parks.

This technology poses some concerns for users. Disney’s Privacy Policy states they collect two types of information – personal information and anonymous information that they can use to create a third type of information, known as aggregate information. Data they collect includes transaction information, registration information, location information, and activity information based on how users consume their website and apps.

Disney is aware of the concerns regarding privacy, especially since children are a prime audience for the parks. Disney’s privacy policy addresses children and recognizes they need to provide further privacy protection. They do not hide that they are collecting data from children. In fact, the potential threat to children led then-Representative Ed Markey to write a letter to the CEO of the Walt Disney company. In the letter, he cites a New York Times article about the MagicBands and just how much information can be collected.

However, Disney has made it clear that the use of the MagicBands is optional, although not using them provides a less integrated experience. Without the MagicBand, you would need room keys, park passes, fast passes, photograph tickets, and more. And on a family vacation, it’s easy to see why the MagicBand is the way to go – it is fast and makes it easier to keep track of everything. Disney might even be able to argue that the MagicBands could help track a lost child in the park.

But, we all know there is no way to keep data 100% safe from a breach. We’ve seen it happen before and it will likely happen again. In August 2017, it was announced that Disney was collecting personal information about young customers and then illegally sharing that information with advertisers. A class action lawsuit against Disney claimed that they were violating the Children’s Online Privacy Protection Act (COPPA). The suit alleged that through mobile apps, Disney was collecting data from children under the age of 13 without parental consent. Part of the allegations including tracking software used through the apps. Obviously, this isn’t the first time Disney was in court regarding children’s privacy – they were in court regarding Playdom just a few years before. Given the popularity of Disney – from its apps to its parks, the amount of information they collect is huge, which makes its potential for a data breach even larger. And that potential is frightening when thinking about the impact it could have on the hundreds of thousands of children interacting with Disney on a daily basis.  

As for the future, this is new territory. COPPA is the law, but Disney has allegedly violated that law at least twice. Are the privacy concerns legitimate? After all, there are plenty of other ways for Disney to track people – receipts, credit card transactions, phone signals, and security cameras. It might just depend on what happens next.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

Up ↑

%d bloggers like this: