Magic Bands coming to Disneyland???

[RedVines2001]

I have a really hard time imagining how this would apply to Magic Bands but not a myriad of other devices including smartphones and smart watches but

Me too. But this law was enacted in 1999 when smart phones and watches didn't exist yet. I'm guessing there's an element of consent with smartphones/watches that gets them around this.

 

[Kender]

I have a really hard time imagining how this would apply to Magic Bands but not a myriad of other devices including smartphones and smart watches but

I personally find it a stretch to draw a connection with the penal code quoted to you and it applying to MBs myself. The one I quoted is more relevant for modern technology (even if it is from 12 years ago, it's still newer than one from 21 years ago). And more relevant for MBs.

Looking through the full "invasion of privacy", it goes further into detail about permission being allowed to be given in several instances. The specific one quoted to you is the section that covers vehicle tracking (as well as the section before it). A lot of modern tech would be illegal in California if this was applicable.

I'm just going to keep hoping Disney will bring MBs to DLR some day . Those who want to use it can and those who don't will not be forced to. Simple.

 

[kristensideaoffun]

Can you site the applicable law? I have done some research before and found nothing. I feel like this is an urban legend. (But I am most definitely not a lawyer).

637.7 California Penal Code cited above is the correct law.

I have a really hard time imagining how this would apply to Magic Bands but not a myriad of other devices including smartphones and smart watches but

The tracking on smart watches and phones can be turned off with the push of a button, allowing the user to “opt-out” or revoke permission to track at any time. There is no off button on an RFID chip. If they figured out some way to add Bluetooth to MBs that would allow the user to turn off and on tracking, I believe that would be okay.

Looking through the full "invasion of privacy", it goes further into detail about permission being allowed to be given in several instances. The specific one quoted to you is the section that covers vehicle tracking (as well as the section before it). A lot of modern tech would be illegal in California if this was applicable.

I'm just going to keep hoping Disney will bring MBs to DLR some day . Those who want to use it can and those who don't will not be forced to. Simple.

The section of 637.7 you are speaking of explicitly states the only exception to electronic tracking without consent, which is a company can use GPS to monitor the movement and location of a person that is driving a vehicle owned by the company. But this exception to consent in the law is problematic, because privacy is a defined right under the California Constitution. Most employers obtain written consent from employees to protect themselves from litigation, even if it isn’t required. But while that small section spells out a specific exception involving company owned vehicles, the law goes well beyond GPS on vehicles to anything that is moveable and can be tracked electronically.

Yes, some apps on smart phones and watches track your location and movement, but you can “opt-out” and prevent those apps permissions to do so easily and at any time. You can’t easily “opt-out” of being tracked by an RFID chip, there is no off button.

For anyone interested in learning more about geolocation tracking and privacy, this is and interesting read and does discuss CA law in some places (mostly the new CCPA law): http://businesslawtoday.org/2019/03/power-place-geolocation-tracking-privacy/

 

[Kender]

637.7 California Penal Code cited above is the correct law.



The tracking on smart watches and phones can be turned off with the push of a button, allowing the user to “opt-out” or revoke permission to track at any time. There is no off button on an RFID chip. If they figured out some way to add Bluetooth to MBs that would allow the user to turn off and on tracking, I believe that would be okay.



The section of 637.7 you are speaking of explicitly states the only exception to electronic tracking without consent, which is a company can use GPS to monitor the movement and location of a person that is driving a vehicle owned by the company. But this exception to consent in the law is problematic, because privacy is a defined right under the California Constitution. Most employers obtain written consent from employees to protect themselves from litigation, even if it isn’t required. But while that small section spells out a specific exception involving company owned vehicles, the law goes well beyond GPS on vehicles to anything that is moveable and can be tracked electronically.

Yes, some apps on smart phones and watches track your location and movement, but you can “opt-out” and prevent those apps permissions to do so easily and at any time. You can’t easily “opt-out” of being tracked by an RFID chip, there is no off button.

For anyone interested in learning more about geolocation tracking and privacy, this is and interesting read and does discuss CA law in some places (mostly the new CCPA law): http://businesslawtoday.org/2019/03/power-place-geolocation-tracking-privacy/

And you can "opt out" of using a MB. Even if one opted in initially. You're also mentioning specifically GPS. MBs does not utilize this tech.

I disagree the law applies in this situation.

 

[kristensideaoffun]

And you can "opt out" of using a MB. Even if one opted in initially. You're also mentioning specifically GPS. MBs does not utilize this tech.

I disagree the law applies in this situation.

I used GPS as an example. 637.7 covers all electronic tracking devices, including, but not limited to, GPS. It defines an electronic tracking device as “any device attached to a vehicle or other movable thing that reveals its location or movement by the transmission of electronic signals.”

I understand your point that people can just not use the Magic Bands from the beginning, but how does someone “opt-out” or revoke their consent to be tracked using Magic Band after they’ve already opted in? What if they are in their hotel room and decide they no longer want Disney to know where they are? What about on the Monorail? In line for food? In the bathroom? Do they just walk up to a cast member and hand in their Magic Band? Allowing consumers to opt-out of being tracked via RFID isn’t as simple as other technologies.

 

[Kender]

I used GPS as an example. 637.7 covers all electronic tracking devices, including, but not limited to, GPS. It defines an electronic tracking device as “any device attached to a vehicle or other movable thing that reveals its location or movement by the transmission of electronic signals.”

I understand your point that people can just not use the Magic Bands from the beginning, but how does someone “opt-out” or revoke their consent to be tracked using Magic Band after they’ve already opted in? What if they are in their hotel room and decide they no longer want Disney to know where they are? What about on the Monorail? In line for food? In the bathroom? Do they just walk up to a cast member and hand in their Magic Band? Allowing consumers to opt-out of being tracked via RFID isn’t as simple as other technologies.

Civil Code 52.7 specifically covers RFID and other electronic tech attached to a person. It is the most recent law (2008) and, creepily enough, was focused heavily on implanting tracking chips in humans. The law forbids it from being forced or coerced, but you're allowed to voluntarily implant yourself with a chip. It should be noted that it does say this includes on the skin and not just under because I definitely had Cartman flashbacks reading "implant" and "subcutaneous".

Penal Code 637.9 covers tracking on a vehicle or thing. Its intention is to protect employees from being tracked by employers (although there are other applications, of course). That is why it mentions the exception for a company owned vehicle being equipped with GPS tracking. An employee can elect to be tracked, though, but it does get dicey staying within the law.

The key thing with both is consent and that there is a lot of grey area because of this.

I feel like you're really blurring the lines of what a MB is even capable of. GPS is such a completely different tech than RFID in terms of information it gives you. They have two RFID capabilities: short range (this is what one finds in things like pet microchips; it requires an outside power source to briefly "jumpstart" it, so to speak, so it gives the information it contains) and "long" range (this has a life of about a couple years due to the internal battery required). The "long" range ones are what work inside rides that deliver a photo or video without having to tap after the ride. WDW does have information about where and when short and "long" range is used within their property on a privacy policy page related to MBs.

They do not track your movement through the park. Not even close to what GPS would do. They do not track you to your hotel. No more than tapping into one's room with a regular hotel room card key does. And, most importantly, they do not track you outside of the parks. I bought a MB purely for PhotoPass acquiring (MBs do not work with the CM guest gate pass). It sits on my dresser at home in California. Disney is not tracking me at home with it. They don't know I was staying with my friend instead of in a hotel. They only even know I live in California because that information is on my profile. The biggest "concern" isn't location, but rather personal data with RFID which is why I specify Civil Code 52.7 as the applicable law. Knowing someone is on a ride (assuming "long" range RFID is still working on the MB) is far different than knowing they went to a Home Depot after they left Epcot.

MB permission is easy to remove: disassociate the MB with your account. And if one is really paranoid, one could put it in a faraday bag. Or just dispose (properly) of the MB.

It really all boils down to consent. Neither Penal Code 637.9 or Civil Code 52.7 apply regardless of which would be more accurate if consent for MB is given (and that it's easily taken away). MBs would only be illegal in California under either code if one was forced or coerced by Disney into setting up and using a MB against one's will.

 

[StormyCA]

If you come down to brass tacks, the reason why there are no MB at DL isn't because of privacy laws. There are legal ways around that. The real reason is that for whatever reason Disney has decided it is not economically beneficial. If Disney thought it would be a money maker, we'd have them.

I'd love it. MBs are so convenient and so easy to use.

 

[Evita_W]

I doubt they would be bringing MagicBands to California, prior to January 1, 2020, the data collected with MagicBands would have been considered illegal as the laws stood then. Effective Jan 1, even more strict privacy rules went into place, which would mean that if Disney did bring MagicBands to California, they would have to make it super easy to see what data has been collected and give you the ability to permanently remove it.

To give you some idea of the data that they have available, record and track:

• Every purchase you make
• Every time you enter your room (Exact time and date, as well as which band was used)
• Every FP you use
• Every time you enter the theme park
• Every ride with onboard photos records when the photo was taken
• Now here is the one most people find hard to believe, they can track and record where you are in the park at any given time, usually within 200 feet assuming you don't have a smart phone, look around the parks hard enough and you will see the long range scanner equipment that they use to do this. If you have a smart phone and have installed the Disney World app and allow it to use your location, they can combine this with the phone data and get to about 5 feet.
• If you have a DAS, all of the usage information for it is recorded

I am sure there is more, but all of this data is recorded and associated to your name, physical home address, MDE account, phone number, etc. All of this data is a gold mine for Disney who can use it to make not only reduce their costs, but they could potentially sell this data and make a fortune that way as well.

 

[Evita_W]

If you come down to brass tacks, the reason why there are no MB at DL isn't because of privacy laws. There are legal ways around that. The real reason is that for whatever reason Disney has decided it is not economically beneficial. If Disney thought it would be a money maker, we'd have them.

I'd love it. MBs are so convenient and so easy to use.

Actually, in California there really haven't been ways around the privacy laws, oddly enough the stricter law that became effective Jan 1 may indeed provide a method that would work, but again, it would require Disney to actually admit to what they are and aren't tracking and give you full control over that data.

 

[Kender]

I doubt they would be bringing MagicBands to California, prior to January 1, 2020, the data collected with MagicBands would have been considered illegal as the laws stood then. Effective Jan 1, even more strict privacy rules went into place, which would mean that if Disney did bring MagicBands to California, they would have to make it super easy to see what data has been collected and give you the ability to permanently remove it.

To give you some idea of the data that they have available, record and track:

• Every purchase you make
• Every time you enter your room (Exact time and date, as well as which band was used)
• Every FP you use
• Every time you enter the theme park
• Every ride with onboard photos records when the photo was taken
• Now here is the one most people find hard to believe, they can track and record where you are in the park at any given time, usually within 200 feet assuming you don't have a smart phone, look around the parks hard enough and you will see the long range scanner equipment that they use to do this. If you have a smart phone and have installed the Disney World app and allow it to use your location, they can combine this with the phone data and get to about 5 feet.
• If you have a DAS, all of the usage information for it is recorded

I am sure there is more, but all of this data is recorded and associated to your name, physical home address, MDE account, phone number, etc. All of this data is a gold mine for Disney who can use it to make not only reduce their costs, but they could potentially sell this data and make a fortune that way as well.

Actually, in California there really haven't been ways around the privacy laws, oddly enough the stricter law that became effective Jan 1 may indeed provide a method that would work, but again, it would require Disney to actually admit to what they are and aren't tracking and give you full control over that data.

All of those data points are already easily gotten through other means. Everything I do these with is connected to my account in some way and gives this information. If I stayed on site, they would know when I entered my room as well. Even the Hilton in San Jose knows whether I use my phone or my key card to unlock my door. No MB. 100% legal. And trust me they want to know how I chose to open my door.

The law allows for authorization to be given (when it was not forced). Period. I 100% agree with Stormy this is a Disney decision. They could easily do this within the law. But they clearly don't see profit in doing so at this time.

 

[Evita_W]

All of those data points are already easily gotten through other means. Everything I do these with is connected to my account in some way and gives this information. If I stayed on site, they would know when I entered my room as well. Even the Hilton in San Jose knows whether I use my phone or my key card to unlock my door. No MB. 100% legal. And trust me they want to know how I chose to open my door.

The law allows for authorization to be given (when it was not forced). Period. I 100% agree with Stormy this is a Disney decision. They could easily do this within the law. But they clearly don't see profit in doing so at this time.

Actually, the being able to pinpoint you within the park without a smartphone can't be done without a MagicBand or similar device and I my guess is that is where they are having issues.

No, Disney would do it in a heartbeat if they were allowed to, do you have any idea how much profit there would be in just selling limited edition magic bands to DL passholders? Seriously, they would by them en mass.

 

[kristensideaoffun]

Actually, the being able to pinpoint you within the park without a smartphone can't be done without a MagicBand or similar device and I my guess is that is where they are having issues.

No, Disney would do it in a heartbeat if they were allowed to, do you have any idea how much profit there would be in just selling limited edition magic bands to DL passholders? Seriously, they would by them en mass.

Exactly.

 

[Pamela M]

The better solution would be for the Disneyland App to be given access to the RFID chip already in our smart phones and watches. Much like some transit cards already are
Wearing a seperate bands is sooooo 2010s

But it was sooo nice not to have to have my phone or ticket out to scan at every fastpass and entrance. It was just tap and go and the some of the locations even made different sounds when you scanned in.

 

[Kender]

Actually, the being able to pinpoint you within the park without a smartphone can't be done without a MagicBand or similar device and I my guess is that is where they are having issues.

No, Disney would do it in a heartbeat if they were allowed to, do you have any idea how much profit there would be in just selling limited edition magic bands to DL passholders? Seriously, they would by them en mass.

And you can disassociate the MB with your account. Poof! No longer does the MB share access to your information and does not identify you as you. It's just an unattached MB. However, what I was speaking about was they know when I've scanned into a park, or scanned in for a FP (they know I'm riding). They know when I've made a purchase (AP). If I had a room, they'd know when I scanned in. All of this can be tracked without MB. They know my basic movement and habits without MB.

Trust me. I do know what they would make off just me alone. I may not be local, but I've been an AP for years.

I also believe Disney crunches the numbers on this and have (at this time) decided the investment will not result in a profit that will make it worth it. But I'm clearly not going to convince you that this is not a legal issue despite proof Disney could implement this if they wanted to.

 

[sunflare]

To give you some idea of the data that they have available, record and track:

• Every purchase you make
• Every time you enter your room (Exact time and date, as well as which band was used)
• Every FP you use
• Every time you enter the theme park
• Every ride with onboard photos records when the photo was taken
• Now here is the one most people find hard to believe, they can track and record where you are in the park at any given time, usually within 200 feet assuming you don't have a smart phone, look around the parks hard enough and you will see the long range scanner equipment that they use to do this. If you have a smart phone and have installed the Disney World app and allow it to use your location, they can combine this with the phone data and get to about 5 feet.
• If you have a DAS, all of the usage information for it is recorded

Here's the thing... they already do all of these things through other means. Use a credit card? They know what purchases you make. Use a room key for a Disney hotel? They know your access habits (and can tie purchases to it as well). Use a ticket? They know who you are, what fastpasses you use, if you're registered on a DAS, what pictures you take...they even have your picture attached to the ticket. They can track you through the park from gate to gate using the myriad of security cameras they have. There is absolutely nothing that the magic band can do that is not being done already by other means.

The decision not to use magic bands in DL is most likely due to space restrictions and cost to implement. I do agree, however, that they're missing out on a HUGE opportunity for seasonal special bands for AP holders.

 

[Evita_W]

And you can disassociate the MB with your account. Poof! No longer does the MB share access to your information and does not identify you as you. It's just an unattached MB. However, what I was speaking about was they know when I've scanned into a park, or scanned in for a FP (they know I'm riding). They know when I've made a purchase (AP). If I had a room, they'd know when I scanned in. All of this can be tracked without MB. They know my basic movement and habits without MB.

Trust me. I do know what they would make off just me alone. I may not be local, but I've been an AP for years.

I also believe Disney crunches the numbers on this and have (at this time) decided the investment will not result in a profit that will make it worth it. But I'm clearly not going to convince you that this is not a legal issue despite proof Disney could implement this if they wanted to.

Taking it off your account does not remove the data that has already been collected on you and that is where they have an issue, it isn't just the collecting of data, but keeping it without giving you complete control over the data.

 

[Evita_W]

Here's the thing... they already do all of these things through other means. Use a credit card? They know what purchases you make. Use a room key for a Disney hotel? They know your access habits (and can tie purchases to it as well). Use a ticket? They know who you are, what fastpasses you use, if you're registered on a DAS, what pictures you take...they even have your picture attached to the ticket. They can track you through the park from gate to gate using the myriad of security cameras they have. There is absolutely nothing that the magic band can do that is not being done already by other means.

The decision not to use magic bands in DL is most likely due to space restrictions and cost to implement. I do agree, however, that they're missing out on a HUGE opportunity for seasonal special bands for AP holders.

Except they cannot pinpoint your location in the parks at any given moment without you having a smartphone like they can with a MagicBand. Currently the only time they can pinpoint your location is when you make a purchase or use a FP, at WDW, they can pinpoint it at any given moment if you have a MagicBand.

 

[MonocularVision]

Then they just turn off the location tracking aspect and leave the passive NFC option for gate entry, FP returns and purchases?

I think it’s obvious at this point some are convinced the decision is a legal one and others think it isn’t. Doesn’t seem like any convincing is happening at this point.

 

[Kender]

Then they just turn off the location tracking aspect and leave the passive NFC option for gate entry, FP returns and purchases?

I think it’s obvious at this point some are convinced the decision is a legal one and others think it isn’t. Doesn’t seem like any convincing is happening at this point.

Since purchases can only be done with on-site guests at WDW, I could see this feature not being a thing at DLR at all because of only having the three hotels. Or maybe it'll be marketed as a "cool, awesome perk!" if it were kept.

 

[sunflare]

Except they cannot pinpoint your location in the parks at any given moment without you having a smartphone like they can with a MagicBand. Currently the only time they can pinpoint your location is when you make a purchase or use a FP, at WDW, they can pinpoint it at any given moment if you have a MagicBand.

They can pinpoint your location at Disneyland, too, through their cameras. That's real-time, as well as recorded for posterity.