By: Soniya Shah
It’s the happiest place on Earth. Until a data breach breaks the magic. Walt Disney was a pioneer of the future and all that it would bring. When designing Tomorrowland in Disney’s Magic Kingdom, engineers channeled the optimism Walt Disney felt for the future. With all his hope for the future of technology, it is hard to imagine Disney predicting data breaches. And yet that’s exactly what’s happened.
Walt Disney World remains one of the world’s largest tourist attractions. There are four theme parks, more than 20 resort hotels, and an internal transportation system with ferries, buses, and a monorail. The Disney MagicBand is an all-access pass that serves as guests’ room keys, park passes, fast passes, dining cards, and more. The bands are lightweight and made of rubber. They track your movements throughout the park, communicating with beacons via RFID technology, using radio signals to communicate.
The MagicBands are great for the Disney business model. They allow Disney to see where guests are located in the park, which means they can strategically place vendors and create walking paths that optimize what they anticipate guests will want. If you use your MagicBand to purchase food or souvenirs, they can track that too. Plus, the bands are personalized, which means you can’t accidentally put on your partner’s band.
The bands contain two radios, and one of them is standard RFID. The RFID tags only work when within a few inches of the receiver, so you have to tap the band for it to work. The active transmitter in the band can be read throughout the parks, allowing Disney to track users throughout the parks.
However, Disney has made it clear that the use of the MagicBands is optional, although not using them provides a less integrated experience. Without the MagicBand, you would need room keys, park passes, fast passes, photograph tickets, and more. And on a family vacation, it’s easy to see why the MagicBand is the way to go – it is fast and makes it easier to keep track of everything. Disney might even be able to argue that the MagicBands could help track a lost child in the park.
But, we all know there is no way to keep data 100% safe from a breach. We’ve seen it happen before and it will likely happen again. In August 2017, it was announced that Disney was collecting personal information about young customers and then illegally sharing that information with advertisers. A class action lawsuit against Disney claimed that they were violating the Children’s Online Privacy Protection Act (COPPA). The suit alleged that through mobile apps, Disney was collecting data from children under the age of 13 without parental consent. Part of the allegations including tracking software used through the apps. Obviously, this isn’t the first time Disney was in court regarding children’s privacy – they were in court regarding Playdom just a few years before. Given the popularity of Disney – from its apps to its parks, the amount of information they collect is huge, which makes its potential for a data breach even larger. And that potential is frightening when thinking about the impact it could have on the hundreds of thousands of children interacting with Disney on a daily basis.
As for the future, this is new territory. COPPA is the law, but Disney has allegedly violated that law at least twice. Are the privacy concerns legitimate? After all, there are plenty of other ways for Disney to track people – receipts, credit card transactions, phone signals, and security cameras. It might just depend on what happens next.