Disney Websites May Run Afoul of Children's Privacy Laws

Disney is under scrutiny by the Federal Trade Commission for flunking the ABCs of children's online privacy laws.

The company first came under review following a complaint filed last December by the Center for Digital Democracy that alleged Marvelkids.com failed to obtain parental consent from children under 13 prior to tracking and collecting personal information about them. Although Disney made some changes in its privacy policy two days later, the CDD said in an amended complaint that the changes were "insufficient." "Disney has cavalierly disregarded some of the basic principles," said Jeff Chester, executive director of the CDD.

"The biggest kids entertainment company is thumbing its nose at kids' privacy. We expect action." Because Disney substituted its companywide policy on Marvelkids.com, the CDD suggested the FTC broaden its inquiry to include all of Disney's kids-directed sites. CDD identified three places where it says Disney did not stick to the letter of the law for children's online privacy.

First, the Marvelkids.com site does not have a direct link on the homepage to the online policy as spelled out in the FTC's guidance. Second, the CDD alleges that Disney's notification about what information third parties are collecting fails to meet the clear and prominent standard and is inaccessible because it is buried in fine print in the "persistent identifiers" section of the policy, making it "not easy to locate." Finally, the CDD also accuses Disney of allowing third parties to collect personal information for purposes other than the internal operations of the website. Forty-three different companies are listed on the website as collecting persistent identifiers.