California AG Announces $2.75M CCPA Settlement with Disney, Largest in State History

Want to receive these privacy recaps in your inbox each week? Subscribe here.

The California Attorney General announced a landmark $2.75 million settlement with Disney over alleged CCPA violations related to the company’s opt-out processes, highlighting California’s continued focus on opt-out enforcement. 

Meanwhile, Didomi released its 2026 Data Privacy Benchmark Report, offering a look at real-world consent collection trends to help you assess your privacy operations.

United States

California AG Announces $2.75M Settlement with Disney, its Biggest CCPA Action to Date.

On February 11, 2026, the California Attorney General announced a landmark $2.75 million settlement with Disney, marking the largest CCPA-related enforcement action to date in California. 

The core issue was Disney’s failure to fully honor consumers’ requests to opt out of the sale or sharing of their personal data. The state alleged that the company’s opt-out processes were non-compliant and cumbersome, often requiring consumers to opt out device by device or service by service, rather than providing a universal opt-out that applies across all associated accounts.

Specifically, California alleged several implementation failures, including: 

• Opt-out toggles were limited to the specific service or device being used. 
• Opt-out forms failed to stop data sharing with third-party adtech companies.
• Connected TV streaming apps often redirected users to a web form instead of offering an in-app solution. 
• Global Privacy Control (GPC) signals were limited to the specific device, even when the consumer was logged into their account. 

The settlement (pending court approval) requires Disney to pay $2.75M and to implement effective, universal opt-out methods.

TAKEAWAY

This settlement is another reminder that regulators are looking beyond UI disclosures and focusing on whether opt-out rights are implemented end-to-end, including across services, devices, and embedded third parties.

For streaming and CTV, in particular, the key question is whether opting out actually changes what happens behind the scenes. After a user opts out, do the relevant partners stop receiving data (or receive less of it) everywhere that user is logged in? When the opt-out experience differs across web, mobile, and CTV, those inconsistencies can become the main compliance risk.

To learn more about the case and practical steps to avoid these pitfalls, see our full analysis on the Didomi blog (which includes the recording of our recent webinar on CTV enforcement).

United states

Didomi 2026 Data Privacy Benchmark Report

For the fourth consecutive year, Didomi published its benchmark report on consent collection, banners, and industry trends. 

Built from aggregated data collected across thousands of digital properties, the report provides a view of how consent banners perform in the real world, and a practical read on the trends shaping privacy operations this year. 

Some of the information and data featured in the report include:

• U.S. banner performance by state: acceptance rate and opt-out rate benchmarks, with commentary on what may be driving the shift year-over-year.
• Consent banner mechanics: banner position performance, the impact of refusal options, and how often users go beyond the first layer.
• Rise of privacy frameworks: Focus on Global Privacy Protocol (GPP) and Global Privacy Control (GPC), as well as the TCF and other platform-specific frameworks.

In the context of the Disney settlement, the report is a useful benchmark for sanity-checking how users actually interact with privacy choices, and where UX and implementation gaps tend to appear. If you’re looking for a practical reference, download the full report on the Didomi website:

A LITTLE MORE PRIVACY, IF YOU PLEASE

• Cross-device consent: What the French DPA (CNIL) recommends
• AI governance in the United States: between state laws and federal preemption
• Advertising privacy in Canada is getting more complex: what advertisers need to know

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.