January 28, 2013
The Honorable Edward Markey
2108 Rayburn House Office Building
Washington, DC 20515
Congressman Markey:
For 90 years, Disney has been synonymous with high-quality entertainment for families and children of all ages. We use creativity, innovation and technology to create memorable moments and experiences for our hundreds of millions of customers and guests. And, as you well know, Disneys record and commitment to childrens safety and security and the protection of their privacy is exemplary. People around the world trust Disney and its products. That trust is the cornerstone of our company, and we take it very seriously.
We are offended by the ludicrous and utterly ill-informed assertion in your letter dated January 24, 2013, that we would in any way haphazardly or recklessly introduce a program that manipulates children, or wantonly puts their safety at risk.
It is truly unfortunate and extremely disappointing that you chose to publicity attack us before taking the time to review our policies and/or contact us for information, which would have obviated the need for your letter. Had you or your staff made the slightest effort, you would have found most of the answers to your questions already existed and were publically available online at
http://corporate.disney.go.com/corporate/pp.html and
https://disneyworld.disney.go.com/faq/my-disney-experience/privacy-policy/
In the enclosed attachment, we address the questions in your letter about our new, yet-to-be-launched program, MyMagic+. However, to ensure that you fully understand our practices as they pertain to children, and our commitment to our guests privacy, let me be clear and reiterate the basic facts.
MyMagic+ is a completely optional program that was designed with the privacy controls from the outset. Disney does not use personal information to market to children under age 13, does not personalize or target advertisements to an individual child, and never shares childrens personal information with any third party for their marketing purposes. Additionally, parents have full control over their childs participation in MyMagic+. We have transparent privacy practices, guests can control and limit the amount of information they provide to us and how their information is used.
Further details are attached.
Sincerely,
(signature)
Robert A Iger
(Begin Addendum)
MyMagic+ is a completely optional program
Guests can enjoy admission to the park without having to register or provide any personal information. But guests who do choose to participate in MyMagic+ will enjoy the convenience of having their tickets, guaranteed ride times for shows and attractions, resort room access and other enhanced features all in one place. Using MagicBands or cards for purchases is also optional.
MyMagic+ was designed with privacy controls from the outset
The hallmarks of privacy by design are transparency and customer control, and these are central to Disneys overall privacy policies and practices, which can be found at
http://corporate.disney.go.com/corporate/pp.html
Disney does not use personal information to market to children under age 13
Disney does not personalize or target advertisements to an individual child
Disney never shares childrens personal information with any third party for their marketing purposes
Parents have full control over their childs participation in MyMagic+
Parents control whether or not their child participates in MyMagic+, how much information is shared with us, what experiences the child will engage in and whether they use a MagicBand at all. Children cannot create individual registration accounts for MyMagic+.
Parents decide whether to provide information about their childs preferences (such as favorite character or favorite color) for personalized services. These personalized services are also optional.
No matter what the parent decides, Disney does not use personal information to market to children under age 13 and does not personal or target advertising to individual children. Furthermore, we never share childrens personal information with any third party for their marketing purposes.
Disney has transparent privacy practices
Information about the privacy practices associated with the MagicBand is available in multiple locations. Even though the program has not been launched yet, specific information about MyMagic+ and the MagicBand is already available to guests at
https://disneyworld.disney.go.com/faq/my-disney-experience/privacy-policy and available for their review before they decide whether to participate. Additional information about other aspects of the enhanced guest experiences can be found at
https://disneyworld.disney.go.com/login
https://disneyworld.disney.go.com/
Consistent with best practices, when the MagicBand becomes available to our guests we will once again provide the guests with full notice about the information that will be collected by the MagicBand. At that time, the guest can elect to use a card instead, as described more fully below.
Guests can control and limit the amount of personal information they provide to us
Guests who participate in MyMagic+ only provide basic contact information: name, email, address and date of birth. Guests would also provide the name and age of other members of their travel party participating in the program. This information is used to establish the account the guests will use to participate in the program, and is consistent with both practices utilized by the hospitality and travel industries for guest registration and what our resort guests provide today. MyMagic+ participants provide any additional information only at their option.
Guests control how their information is used
Guest's personal data is not stored in the MagicBand. The MagicBand is not GPS-based and does not enable collection of continuous location signals. The long-range readers which detect the MagicBands will be in specific locations for the purpose of providing better service to our guests.
Guests can participate in MyMagic+ and visit the park without using the MagicBand by choosing a card instead. The card contains a short-range chip whose location cannot be detected by the long-range readers stationed in the park. We also plan to provide the option for such guests to use the Fast Pass [sic] system by simply providing basic contact information (name and email address). As is also true for parties using MyMagic+, the system would not require separate email addresses for other members of the guest party.
We will not share location information collected in connection with the MagicBand throughout The Walt Disney Company without the consent of the guest.
As is always the case at Disney, guests participating in MyMagic+ can choose not to receive marketing information from us. MyMagic+ also allows guests to receive offers and tips during their visit to the Walt Disney World parks and resorts, but only if they request them from us.
As described in the Disney privacy policy found at
http://corporate.disney.go.com/corporate/pp.html guests can ask us to amend or delete personal information we may hold about them.
It wont necessarily stop me from going to WDW (although FP+ might get us to reconsider our yearly visits) however I wish they gave you another choice. To say it's an opt out system isn't fair because they basically penalize you for not having the band.
I hadn't thought about that at all...I like the sound of the Magic Band for convenience and the new technology sounds pretty darn cool too. I LOVE the idea of being submersed in the magic the WHOLE time!! 
I know others are worried about the security of the system, but I hadn't heard this take on it before, so I wanted to share...I do know that Disney is nowhere near the first company to do RFID stuff though, so hmmmm. 
