What happened
Disney YouTube children’s privacy settlement was announced after Disney agreed to pay $10 million to resolve allegations that its YouTube channels violated U.S. children’s privacy laws. Regulators alleged that Disney collected personal data from children under 13 without obtaining verifiable parental consent, potentially breaching COPPA. The settlement addresses data collection and advertising practices tied to child-directed content distributed through YouTube. While Disney did not admit wrongdoing, the case reflects intensified regulatory scrutiny of how media companies handle children’s data when using third-party platforms and digital advertising technologies.
Who is affected
Media companies, content publishers, and brands distributing child-directed content through platforms like YouTube are affected, particularly those relying on platform analytics and advertising. Organizations operating internationally face compliance challenges due to differing children’s privacy regulations.
Why CISOs should care
Privacy enforcement now directly impacts organizational risk and reputation. CISOs are increasingly accountable for ensuring data protection controls and governance mechanisms are in place, especially for platforms processing children’s data.
3 practical actions
- Audit children’s data flows: Map where and how minors’ data is collected.
- Validate consent mechanisms: Ensure parental consent is properly implemented.
- Strengthen governance: Coordinate security, legal, and privacy compliance teams.