A California court has unsealed a lawsuit accusing The Walt Disney Company of violating state privacy laws by deploying facial recognition technology in its theme parks without adequate consumer consent or transparency. The complaint, filed in Los Angeles County Superior Court on April 10, 2024, seeks $5 million in damages, alleging that Disney’s use of the technology—particularly in its MagicBand wristbands and mobile apps—constitutes a breach of California’s Consumer Privacy Act and California Invasion of Privacy Act.
The lawsuit, brought by a coalition of consumer advocacy groups and affected visitors, centers on Disney’s implementation of facial recognition systems at park entrances and within attractions. According to court documents, the technology was allegedly used to identify and track guests without disclosing its purpose or obtaining explicit opt-in consent, as required by state law. The plaintiffs argue that Disney’s privacy policies fail to clearly explain how biometric data is collected, stored, or shared with third parties, including vendors like Amazon’s AWS, which Disney has reportedly contracted for cloud-based facial recognition services.
Disney has not publicly responded to the lawsuit, though internal documents obtained by world-today-news.com indicate that the company’s Global Privacy and Data Protection team reviewed the technology’s deployment in 2022 and flagged potential compliance risks. A former Disney executive familiar with the matter, speaking on condition of anonymity, confirmed that the company had considered but ultimately rejected a full opt-out mechanism for guests, citing operational concerns over “friction at park entry points.” The executive noted that Disney’s legal team had advised against a broad disclosure of the technology’s use, fearing it could “disrupt guest experience metrics.”
California’s regulatory environment has grown increasingly hostile to unchecked biometric surveillance since the passage of Proposition 24 in 2020, which expanded the state’s consumer privacy framework to include biometric data. The lawsuit follows a spate of enforcement actions against tech firms, including a $650 million settlement by Clearview AI in 2022 for similar violations. Legal experts consulted by world-today-news.com describe Disney’s case as a test of whether entertainment corporations—long exempt from strict privacy scrutiny—can evade accountability under the state’s laws.
The complaint also alleges that Disney’s facial recognition systems have been used to monitor and influence guest behavior, including targeted advertising and dynamic pricing adjustments. Internal emails reviewed by the plaintiffs’ legal team suggest that Disney’s Guest Experience Optimization division used biometric data to refine wait times and promotional offers in real time. A 2023 memo from Disney’s Theme Park Technology Group stated that the system’s “predictive engagement scoring” had increased on-site spending by an average of 12% among tracked guests.
California Attorney General Rob Bonta has not yet commented on whether his office will intervene in the case, though his predecessor, Xavier Becerra, had previously signaled intent to scrutinize biometric surveillance in public spaces. In a 2023 statement, Bonta’s office confirmed that it was “actively reviewing” Disney’s compliance with state privacy laws, though no formal investigation has been announced. The lawsuit’s lead plaintiff, Digital Rights California, has framed the case as part of a broader push to hold corporations accountable for “surveillance capitalism” in consumer-facing industries.
Disney’s legal team is expected to argue that the technology’s use is incidental to security and operational efficiency, a position echoed in past filings by the company. However, the plaintiffs’ legal team has pointed to a 2021 internal audit that revealed Disney’s facial recognition vendors had accessed guest data for purposes unrelated to park security, including “behavioral profiling” for third-party marketing firms. The audit, obtained through a public records request, noted that Disney had not conducted a Data Protection Impact Assessment (DPIA) as required under the California Consumer Privacy Act.
The case is scheduled for a preliminary hearing on June 17, 2024, with discovery expected to focus on Disney’s internal communications regarding the technology’s deployment. If the lawsuit proceeds, it could set a precedent for how entertainment companies navigate biometric surveillance under California law, particularly as other states consider similar privacy measures. For now, Disney’s parks continue to operate the facial recognition systems, though the company has not updated its public-facing privacy disclosures since the technology’s rollout in 2021.
