Disney has agreed to a $10 million settlement with the U.S. Federal Trade Commission (FTC) over violations of the Children’s Online Privacy Protection Act (COPPA), after improperly labeling some YouTube videos as “not made for kids” — enabling data collection from children under 13 without parental consent.
According to the FTC, several YouTube videos featuring beloved franchises like Frozen, Toy Story, and The Incredibles were mislabeled due to Disney’s reliance on channel-level default settings instead of individually designating each video’s audience category. This oversight meant that child-directed content was often marked incorrectly, allowing personal data collection and targeted advertising in violation of federal law.
The problem wasn’t mere negligence. YouTube had flagged over 300 such misclassified videos in mid-2020 — changing their status to “made for kids.” Despite this warning, Disney maintained channel-level defaults, meaning newly uploaded videos automatically inherited the incorrect labels. This practice persisted even on channels explicitly intended for younger audiences, such as Disney Junior, Mickey Mouse, and Pixar Cars.
The FTC’s complaint cites that the mislabeling exposed young viewers to features YouTube restricted for kids, such as autoplay and personalized ads. Disney, which benefits from ad revenues generated on its YouTube content, reportedly used these defaults without sufficient oversight or individual review.
What $10 Million Buys You
Disney’s settlement isn’t just about the money, though $10 million is hardly pocket change even for a company that size. The real consequence is what Disney has to do going forward, and it’s fascinating because it points toward the future of protecting kids online.
First, Disney has to follow the law—notify parents before collecting children’s data and get their permission first. Revolutionary concept, right?
But here’s the interesting part. Disney also has to create a comprehensive review program for all their YouTube content unless YouTube implements something called “age assurance technology”—systems that can automatically determine how old someone is when they’re watching videos. Think of it as digital ID checking that happens in real-time.
This is huge because it acknowledges that the current system—relying on companies to self-police their content labeling—is fundamentally broken. Instead, we might be heading toward a world where technology automatically protects children without depending on corporate good faith.
The Bigger Picture
FTC Chairman Andrew Ferguson put it bluntly: “Our order penalizes Disney’s abuse of parents’ trust.” But this case is about more than one company’s bad choices. It’s a symptom of a larger problem in how children’s privacy is treated online.
The Children’s Online Privacy Protection Act (COPPA) was passed in 1998, when the biggest worry was kids giving out their home addresses in chat rooms. Now we’re dealing with sophisticated behavioral tracking, AI-powered content recommendation systems, and data brokers who can build detailed psychological profiles from seemingly innocent video viewing habits.
This marks the first COPPA-related settlement brought against a YouTube content provider (as opposed to the platform itself) since the landmark 2019 $170 million YouTube-Google agreement. It shows that even well-established platforms and content companies must rigorously follow privacy requirements — especially when children are their target audience.
The settlement creates some immediate improvements. Disney’s videos should be properly labeled going forward, which means better privacy protections when your kids watch Disney content on YouTube. But the bigger lesson is that parents can’t rely on companies—even ones with wholesome reputations—to automatically do the right thing when money is involved.
