The Walt Disney Company agreed on 2 September 2025 to pay $10 million to settle Federal Trade Commission (FTC) allegations that some of its YouTube videos were mislabeled as “Not Made for Kids,” leading to the unlawful collection of children’s personal data without parental consent. This breach of the Children’s Online Privacy Protection Act (COPPA) raises urgent compliance concerns-especially as age-targeting technologies evolve and data privacy scrutiny intensifies. Why now: regulators are ramping up enforcement of children’s data protections worldwide.
On 2 September 2025, the FTC filed a complaint via the Department of Justice alleging that Disney “failed to properly label some videos that it uploaded to YouTube as ‘Made for Kids,’” enabling data collection and targeted advertising to children under 13 without parental consent, in violation of COPPA.
YouTube requires creators to mark videos as “Made for Kids” (MFK) or “Not Made for Kids” (NMFK). Disney reportedly used the channel-level default setting – marking entire channels as NMFK – so individual child-directed videos weren’t correctly flagged, bypassing COPPA protections.
In mid-2020, YouTube reclassified over 300 Disney videos from NMFK to MFK after alerting the company. Yet Disney continued uploading content under channel-level defaults with mislabeling issues.
Settlement Terms
As part of the settlement reached on 2 September 2025, Disney will:
- Pay a $10 million civil penalty;
- Comply fully with COPPA by securing parental consent before collecting kids’ data;
- Implement a video-review program to correctly label YouTube uploads as MFK, unless YouTube deploys an age-assurance system itself.
Official Statements
FTC Chairman Andrew N. Ferguson emphasized:
“This case underscores the FTC’s commitment to enforcing COPPA … Our order penalizes Disney’s abuse of parents’ trust, and, through a mandated video-review program, makes room for the future of protecting kids online—age assurance technology.” (WDW News Today, The Verge)
Disney responded, stating it remains committed to protecting children’s privacy, clarifying the issue was limited to YouTube-distributed content and not its own platforms.
Global & MEA Perspective
Although the settlement is U.S.-centric, it resonates globally. The COPPA framework is mirrored in GDPR (EU), Data Protection Laws (MEA), and forthcoming COPPA 2.0 legislation in the U.S., which proposes extending protections to minors up to 16 years old.
For MEA CISOs and regulators, Disney’s case highlights the need for stricter oversight of children’s content, including mandatory age assurance technologies, robust labeling governance, and cross-border data protection strategies.
Global Context & Comparison
This is the first known FTC COPPA settlement against a YouTube content provider since the $170 million enforcement action against Google and YouTube in 2019. That case led to platform-wide restrictions – no targeted ads, personalization, comments, or playlists – for MFK content on YouTube from early 2020 onward.
Disney’s case signals regulators are now targeting not just platforms but also third-party content creators. As global data privacy enforcement tightens, companies worldwide – especially in MEA – must audit labeling and data practices proactively to avoid similar penalties.
Actionable Takeaways for Defenders & Executives
- Audit content labeling workflows: Ensure default settings are at the video level, not channel-level, to avoid misclassification.
- Implement video-review protocols: Establish regular checks to verify “Made for Kids” vs. not-for-kids designations.
- Monitor platform notifications: Respond promptly to warnings from platforms like YouTube to reclassify content.
- Deploy age assurance tools: Invest in verified age detection or consent mechanisms as best-practice adoption accelerates.
- Extend governance globally: Apply COPPA-like standards across MEA operations, complying with GDPR, UAE PDPL, and other local laws.
- Train content teams on compliance: Educate creators and publishers on labeling obligations and legal risks.
- Prepare for evolving laws: Anticipate expanded protections under COPPA 2.0 and similar future regulations.
- Document compliance efforts: Maintain records of labeling audits and parental consent processes as evidence of due diligence.
- Engage legal and privacy counsel across jurisdictions: Ensure cross-border data handling aligns with emerging privacy standards.
- Communicate transparently with stakeholders: Include privacy safeguards in brand commitments to consumers and regulators.
Conclusion
Disney’s $10 million COPPA settlement marks a pivotal shift: regulators are extending scrutiny from platforms to third-party content creators. The case underlines the urgent need for precise content labeling, parental consent processes, and technological age verification. For MEA and global organizations, proactive compliance—across regulatory regimes—is essential to mitigate liabilities and preserve trust. As digital media evolves, the expectation is clear: protecting children’s privacy must be integral—not optional—to content strategy and governance.
Sources
- FTC press release (U.S. gov) – 2 September 2025
- Reuters coverage – 2 September 2025
- Axios exclusive – 2 September 2025
- The Verge analysis – 2 September 2025
- People.com report – 2 September 2025
- Wall Street Journal summary – 2 September 2025
- Wikipedia COPPA entry (incl. COPPA 2.0 details)
- Historical context: 2019 Google/YouTube COPPA settlement
- Research on MFK content impact post-2019 settlement
