Spirited News and Observations and Opinions ...

GoofGoof · Jan 6, 2013

Cosmic Commando said:
I think I got something. This is a little old, and I don't know what became of it, but here's a start (emphasis is mine):
From 9/25/12:
http://www.nationaljournal.com/blog...blast-proposed-change-to-child-privacy-law-25

Bottom line seems to be if there are/were no changes to COPPA and their FP+ website/app gets classified as "directed at children", their data mining dreams go completely out the window. I wouldn't be surprised if this was the reason there's a "mydisneyexperience.com" instead of integrating it into disney.com or disneyworld.com. Now to find out what happened since 9/25/12.

Disney got slapped with a $3M fine for violations of COPPA for one of their online games websites. I think that's why they were fighting for a looser interpretation. For Nextgen data they could either a) not collect data on guests under 13 by simply deactivating their wrist bands or having a kids version of the band without active RFID or b) simply require the parents to consent. It's not like kids 13 and under would be wandering up to the front gate buying park admission without a parent. Even for online sites you can collect data on kids under 13 as long as the parents consent first.

http://www.huntonprivacyblog.com/20...ppa-violation-charges-with-3-million-penalty/

flynnibus · Jan 6, 2013

Goofyernmost said:
NextGen is a management tool and as such is marketable. It isn't going to make Disney more popular and have people come running in just to use it. It actually looks like it has the possibility to do just the opposite by demanding to much planning and commitment.

If you turn around and sell your competitive edge.. its no longer a competitive edge. That is the #1 reason you wouldn't sell the platform and technology developed.

Second, Disney is not in the IT consulting business. Why on earth would you guys keep suggesting they get into it.. and in turn erase the very competitive edge they are trying to build.. at an investment of over a billion dollars and many years of work.

the.dreamfinder · Jan 6, 2013

flynnibus said:
Second, Disney is not in the IT consulting business.

Considering that they're already in the Timeshare and Real-Estate business, why not?

Hakunamatata · Jan 6, 2013

flynnibus said:
If you turn around and sell your competitive edge.. its no longer a competitive edge. That is the #1 reason you wouldn't sell the platform and technology developed.

Second, Disney is not in the IT consulting business. Why on earth would you guys keep suggesting they get into it.. and in turn erase the very competitive edge they are trying to build.. at an investment of over a billion dollars and many years of work.

The most important reason they would? Investment of over a billion dollars. It would take a very long time to recoup that by selling an extra tshirt to someone because they know that Billybob checks his wallet every time he walks by POTC.

flynnibus · Jan 6, 2013

GoofGoof said:
If Disney could justify that GM is a joint marketed partner for test track maybe that would be a loop whole in the privacy policy, but that would be a stretch IMHO. I think you are right you would probably still have to opt in to have your info sent to GM.

Here's how you would exploit it.

Test Track isn't just about Test Track. There are retail cars on display in the pavilion to demonstrate Chevy's current products and technologies. By that inclusion of the real products and services in the attraction, I can turn around and say sending you marketing material about new cars for sale would be jointly marketed subjects.

Similar to where say.. Nestle is a sponsor at a food location and provides the food and you buy their branded products. The Nestle products are then part of the experience you participated in - and now are within scope of joint marketed.

Many companies are very deceitful in this area - and having an angle is enough vs having a moral obligation to be more clear. There are way too many loopholes and far too difficult to track info leaks back. So much so, no one bothers to follow up. Instead of stupid laws like 'Do Not Call' with special interest exceptions you could drive a truck through.. a meaningful law would be to require a company to disclose exactly who shared your info to start with. Then, you could go after the leak, rather than the people who use the info.. of which you have no leverage over to start with because you aren't a consumer of theirs.

Cosmic Commando · Jan 6, 2013

http://www.natlawreview.com/article/ftc-will-propose-broader-children-s-online-privacy-safeguards
(emphasis mine again)

FTC Will Propose Broader Children’s Online Privacy Safeguards

Speaking at a Dec. 15 Capitol Hill forum on children’s and teens’ online privacy, Federal Trade Commission Chairman Jon Leibowitz said that the agency is recommending that the Children’s Online Privacy Protection Act (COPPA) expand the definition of personally identifiable information.
Leibowitz explained that he supports expanding the definition of “personally identifiable information” to include geolocation information, photos, videos, IP addresses, and similar items found on computers or mobile devices.
COPPA applies to the online collection of personal information from children under 13 years old. The act applies to websites and online services that are operated for a commercial purpose and are directed at children under the age of 13 or whose operator has actual knowledge that children under 13 are providing information to the site online.
The act outlines what a website operator must include in a privacy policy, the responsibilities of the operator to protect children’s online safety, and how consent can be obtained from a parent.
In September, the FTC announced proposed revisions to the COPPA rules, the first significant changes to the Act since it the rules were issued in 2000. The FTC has been seeking public comments on the proposed revisions since September.
According to Leibowitz, the definition of personally identifiable information should be expanded from information provided by the consumer, to also include information used by the user’s computer or mobile device. This would include information held in cookies, processor numbers, IP addresses, geolocation information, photographs, videos, and audio files. Additionally, the new definition would now include information that web site operators, advertising networks, and others use to track consumers as they use the Internet.
The proposed rule changes would also expand the definition of what it means to “collect” data from children. The new definition would make it clear that personal information is being collected not only when the operator is requiring the personal information but also when the operator prompts or encourages a child to provide the information.
The way parental consent is obtained from parents would also be changed to add several new methods such as electronic scans of parental consent forms and the use of government issued identification that is checked against a database. The rules would also eliminate the popular “e-mail plus” mechanism .
The new rules would also present a data retention and deletion requirement, which would mandate that data that is obtained from children is only kept for the amount of time necessary to achieve the purpose that it was collected for. The rules would also add the requirement that operators ensure that any third parties to whom a child’s information is disclosed have reasonable procedures in place to protect the information.
These proposed changes to COPPA will have a significant effect on online operators, particularly the expansion of the definition of personally identifiable information. We note, particularly, that the expansion of the definition of “personally identifiable information” in the children’s privacy context could lead to a general expansion by the FTC of the definition in all contexts. The FTC has cracked down on COPPA violations in the past, and these new powers will likely continue this trend.

And just for the heck of it is an excerpt from TWDC Kids' Online Privacy Policy:

Q1. What types of personal information do we collect about kids?
A1. Kids can surf Disney.com and other WDIG sites, view content, and play many games without any personal information being collected. We do not collect personal information from kids unless they register on WDIG sites. Typically, kids will register in order to participate in sweepstakes or contests or to participate in a special activity. The only information we collect from kids during our registration process is a kid's first name, parent's e-mail address, kid's birth date, member name, and password. We collect birth dates to validate the ages of our guests, including kids. We do not collect any other personally identifiable information from kids during our registration process. We also will collect a kid's e-mail address from a parent for the purpose of sending the kid e-mail related to a subscription. For example, we would send Disney Game Kingdom Online Post to a kid directly at the request of the kid's parent. Note that all sites that are directed to children under 13 are prohibited by law from conditioning a kid's participation in an online activity on the kid's providing more personal information than is reasonably necessary.

Based on their proposal to the FTC about revisions to COPPA, what they're not telling you in that last sentence is that sites that are considered "directed to children under the age of 13" are prohibited from collecting the information about anyone, child or not. So, doing the math... Disney could be completely barred from collecting certain types of data and those types of data that are restricted are growing and growing. Won't be able to collect geolocation information? Hmm...

The thing that actually really fascinates me that just occurred to me while reading this past article: suppose Disney's lawyers looked everything over and are confident that FP+ and My Disney Experience and NextGen can stand up against the current laws and even these proposed changes. OK, well that covers the law today, but there's no question about which direction the laws are headed-- the noose is getting tighter. You don't get grandfathered into these kinds of things just because you spent $2B, and history may regard these times as the wild, wild West of data mining (think file sharing circa 2000). What will the laws look like two years from now? TWDC certainly won't have made their money back in Orlando, will probably halfway through spending a stupid amount of money to do the same thing in Anaheim and certainly won't have duped a bunch of other companies into taking the bait yet. Well, at least they got a really good deal on Lucasfilm.

flynnibus · Jan 6, 2013

SirOinksALot said:
So let's be ridiculous and assume they inconspicuously ripped out walls at the Emporium and have an RFID reader in the doorframes of entrances. The things have a range of 20 feet. RFID can only read the presence of tags. What about all those people walking past on the sidewalk? That's going to be a nightmare.

Antenna design.. it is science

flynnibus · Jan 6, 2013

GoofGoof said:
It's not like kids 13 and under would be wandering up to the front gate buying park admission without a parent. Even for online sites you can collect data on kids under 13 as long as the parents consent first.

exactly - I see this as more a technicality for the implementation - not a barrier. Parental Consent is easy enough. Disney's (and others) complaints are about having to gate the site as if everyone needs the age check.. vs being able to provide content without going through the gate first.

flynnibus · Jan 6, 2013

hakunamatata said:
The most important reason they would? Investment of over a billion dollars. It would take a very long time to recoup that by selling an extra tshirt to someone because they know that Billybob checks his wallet every time he walks by POTC.

Not when you multiply that effect over the tens of millions of customers per year.. spending hundreds of millions of dollars.

Even a 5-10% increase is monster when you apply it across huge piles.

Cosmic Commando · Jan 6, 2013

GoofGoof said:
Disney got slapped with a $3M fine for violations of COPPA for one of their online games websites. I think that's why they were fighting for a looser interpretation. For Nextgen data they could either a) not collect data on guests under 13 by simply deactivating their wrist bands or having a kids version of the band without active RFID or b) simply require the parents to consent. It's not like kids 13 and under would be wandering up to the front gate buying park admission without a parent. Even for online sites you can collect data on kids under 13 as long as the parents consent first.

http://www.huntonprivacyblog.com/20...ppa-violation-charges-with-3-million-penalty/

The Playdom case is close, but separate I think. They just flat out took information about kids under 13 that they weren't supposed to. Think about what Disney is proposing to the FTC: "Under Disney's proposal, the COPPA requirements would only kick in for "family-friendly" sites when such a site is dealing with children under 13. In that situation, the site would either not collect personal data from the child or would have to obtain parental consent. "

Disney does not want to change what information can be collected about children; rather, they want to create a new "rating" for websites where the privacy law only applies when actually dealing with children under 13. The only way I can logically read that is that currently, if your site is "directed at children" then you can't collect the information at all.

GoofGoof · Jan 6, 2013

Cosmic Commando said:
http://www.natlawreview.com/article/ftc-will-propose-broader-children-s-online-privacy-safeguards
(emphasis mine again)

And just for the heck of it is an excerpt from TWDC Kids' Online Privacy Policy:

Based on their proposal to the FTC about revisions to COPPA, what they're not telling you in that last sentence is that sites that are considered "directed to children under the age of 13" are prohibited from collecting the information about anyone, child or not. So, doing the math... Disney could be completely barred from collecting certain types of data and those types of data that are restricted are growing and growing. Won't be able to collect geolocation information? Hmm...

The thing that actually really fascinates me that just occurred to me while reading this past article: suppose Disney's lawyers looked everything over and are confident that FP+ and My Disney Experience and NextGen can stand up against the current laws and even these proposed changes. OK, well that covers the law today, but there's no question about which direction the laws are headed-- the noose is getting tighter. You don't get grandfathered into these kinds of things just because you spent $2B, and history may regard these times as the wild, wild West of data mining (think file sharing circa 2000). What will the laws look like two years from now? TWDC certainly won't have made their money back in Orlando, will probably halfway through spending a stupid amount of money to do the same thing in Anaheim and certainly won't have duped a bunch of other companies into taking the bait yet. Well, at least they got a really good deal on Lucasfilm.

I'm far from an expert on this, but where does it say that they are prohibited from collecting data from anyone on sites considered to be "directed at children"? I thought the COPPA rules were very specific in protecting information only on children under 13. I also think it would be fairly easy for WDW to require consent from the parents and/or not track the kids. I'm still not seeing this being much or a game changer for NextGen.

Hakunamatata · Jan 6, 2013

All I can say is I'm going to enjoy the extra churros and premium Mickey bars I'm going to be enticed into buying....

GoofGoof · Jan 6, 2013

hakunamatata said:
All I can say is I'm going to enjoy the extra churros and premium Mickey bars I'm going to be enticed into buying....

They didn't need to spend $1.5B to entice me into buying a Mickey Bar. A cheap cardboard signs is all it takes

Lil Fort · Jan 6, 2013

GoofGoof said:
I'm far from an expert on this, but where does it say that they are prohibited from collecting data from anyone on sites considered to be "directed at children"? I thought the COPPA rules were very specific in protecting information only on children under 13. I also think it would be fairly easy for WDW to require consent from the parents and/or not track the kids. I'm still not seeing this being much or a game changer for NextGen.

It is most certainly a game changer when you add in the new COPPA extension to moble apps/devices. Part of FP+ allows users to add/change FastPasses via mobile devices. Since some of the recipients of these FastPasses are children and Disney wants to collect this data for datamining purposes it could potentially be a huge hole in their plan.

Cosmic Commando · Jan 6, 2013

GoofGoof said:
I'm far from an expert on this, but where does it say that they are prohibited from collecting data from anyone on sites considered to be "directed at children"? I thought the COPPA rules were very specific in protecting information only on children under 13. I also think it would be fairly easy for WDW to require consent from the parents and/or not track the kids. I'm still not seeing this being much or a game changer for NextGen.

I could be missing something (I never count out that possibility!

), but the change that Disney is proposing reads to me like this: they want to create a class of website where the COPPA rules apply to children under 13 and don't when not dealing with children under 13. That reads to me like right now it's all or nothing. Either you have a "grown-up" website (notice which word I didn't use there!) or a website "directed at children". Which segments of the company draw audiences on both sides of the "13" line? It's not Doc McStuffins. Movie studio and Parks & Resorts is my guess. So which part of the company draws an audience with a wide age range AND thinks it can gain $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ by collecting mountains of personal data about its customers?

They can collect data on children with parents' consent; maybe the deal is that you need explicit consent from an adult to collect this sort of data on anyone if your website is "directed at kids". You could provide your own consent, of course, but if Disney is forced to provide you with a box that says "check here if you want us to track you all over property to milk more money out of you", nobody will go along with it.

jlsHouston · Jan 6, 2013

HMF said:
I think the media should be reporting on this.

So why isn't the media or one of the bloggers reporting on any of this ?

jlsHouston · Jan 6, 2013

Monty said:
WDW survived the "PR nightmare" when the biometrics scans were ranted against in the same manner. "OMG they're fingerprinting me and sharing it with the CIA!" was the inanity of the day. They'll comfortably survive this not matter how much '74 stirs the paranoiac pot.

There's nothing illegal being done or even suggested by Disney that I can see. But "haters gonna hate".

Excellent point, they sure did..

asianway · Jan 6, 2013

jlsHouston said:
So why isn't the media or one of the bloggers reporting on any of this ?

Bloggers? You're kidding right

Jimmy Thick · Jan 6, 2013

Has Jessie Ventura been contacted about the pending NEXT GEN conspiracy?

Jimmy Thick- Tin foil hats? Anyone?

miles1 · Jan 6, 2013

Sorry, I haven't read every single post here because some other things keep side tracking me, like eating and sleeping. Forgive me if I'm restating some other posts.

My biggest fear from all of this is that all the tracking, targeted promotion and "scheduled" touring are going to turn WDW into someplace that I no longer want to visit. For me the motivation for visiting WDW, and taking a vacation in general, is to escape from the phone, hustle, and constant profit-motivated onslaught of everday life. If this initiative manifests itself as many here are suggesting, I think I'll be heading elsewhere.

Also, I wouldn't be surprised if the higher-ups in the company already know what a boondoggle it is, but they were already in too deep when they realized the mistake. Nobody was going to stand up in front of the stockholders and say "we're taking a $1B write off for this failed initiative"; now its a $2B problem and none of them are going to stake the rest of their career to say so.

This gave me a chuckle, as explained below:

Cosmic Commando said:
I just don't see Disney selling the info at this time. I know companies do it: eons ago when I signed up for a landline telephone, I got a person that didn't speak English very well. They wrote my name down as Spepien Johnson, which is only tangentially related to my real name. All of a sudden, tons of junk mail started showing up for Spepien Johnson even though I wasn't listed in the phone book.

My mother-in-law's legal name is Malia Isabel (Smith). She always disliked her first name and used Isabel as her first name instead, except for when signing legal documents which she signed as "M. Isabel Smith". Obviously a bank or other institution sold their mailing list to a clearing house, which then ran it through a spell check. She constantly receives mail addressed to "MISERABLE SMITH".

Finally, with all this tracking technology at their fingertips, how come they couldn't find a way to keep Lindsay Lohan out of trouble?

Spirited News and Observations and Opinions ...

GoofGoof

flynnibus

the.dreamfinder

Well-Known Member

Hakunamatata

Le Meh

flynnibus

Cosmic Commando

Well-Known Member

flynnibus

flynnibus

flynnibus

Cosmic Commando

Well-Known Member

GoofGoof

Hakunamatata

Le Meh

GoofGoof

Lil Fort

Well-Known Member

Cosmic Commando

Well-Known Member

jlsHouston

Well-Known Member

jlsHouston

Well-Known Member

asianway

Well-Known Member

Jimmy Thick

Well-Known Member

miles1

Active Member