Disney Fined $2.75M in Landmark CCPA Privacy Case

On Presidents’ Day—a moment that symbolises leadership and accountability—a significant development in privacy enforcement sent a strong signal to enterprises. On February 11, 2026, California Attorney General Rob Bonta announced that The Walt Disney Company will pay $2.75 million in civil penalties for violations under the California Consumer Privacy Act (CCPA). The settlement is the largest to date under the law.

The case did not centre on the absence of an opt-out mechanism. Instead, regulators found that consumer requests to stop the sale or sharing of personal data were not consistently applied across devices and services. In some instances, opt-out preferences worked on one device but failed on another, or applied to certain services without extending across the user’s full account ecosystem.

The message from regulators was unequivocal: privacy rights must operate seamlessly across the entire digital environment. Merely offering controls is no longer sufficient if outcomes are inconsistent.

This enforcement action reflects a broader shift in regulatory expectations. Compliance is being judged not by checkbox policies but by operational effectiveness.

For enterprises, the leadership lesson is clear—privacy governance must be unified, technically integrated and consistently enforced across platforms, devices and business units. Fragmented systems are no longer defensible.