“Magical” Data Collection (part 3 of 3)

MagicBands(cont’d from part 2)

One of the initial praises for this smart technology was the ability for it to collect and assess data through algorithms by assigning a pseudonym to the user—collecting data anonymously. This is not the case with the Disney Magic Band. The Magic Band is just one tool in the entire My Disney Experience vacation management platform. Once a user receives his or her Magic Band (whether a “tourist” or a local annual passholder), he or she has to go online and customize the band with names, select a profile picture (from a list of Disney characters), and other contact information. This, in and of itself, takes the pseudonym (anonymity) out of the equation. For now, not only can information and data be gathered, but it is attached to a specific person whose identity is not a secret. Unlike your smartphone or other mobile devices (e.g. tablet), in which the user can turn off the location sharing features (either for the whole device or app-specific), the location sharing and smart technology in the Magic Band (RFID and GPS) cannot be turned off. The inability for the user to not turn off the location sharing features can be viewed as an encroachment upon personal privacy. However, Disney World does not require park guests to wear/use the Magic Bands. Therefore, if a part guest chooses to wear/use the Magic Band, then he or she accepts the fact that prolific amounts of information are being shared, including but not limited to: location, dining preferences, FastPasses, etc).

Although conspiracy theorists can tout the whole “big brother—or in this case Big Mickey—is watching,” it is more likely that issues of database privacy should be explored (Mokbel, 2006). The treasure trove of information gathered and processed by the My Disney Experience system provides the media giant with unparalleled data that can be integrated into the park operations and, by extension, can be presumed to be integrated into other decisions. Still, the program is too new in order to know for sure where the data is going. Looking at other models of smart data, we can certainly explore the possibilities. The goal in database privacy is to provide access to the gathered information without risk of breaching privacy (attributing numbers instead of names to the sources of information).

The GPS technology built into the Magic Band builds upon decades of GIS  (global information system) research and integration in order to factor location into the database. Location provides a way to link information on a user (or subject) from one database into another. This method of data collection and organization is referred to as data matching (Curry, 2015). Without location, then the information would not be as valuable because it would be more difficult to find links between what the park guests want to experience, and in which order, during a vacation or visit to the Walt Disney World Resort. Since data matching requires the use of a figurative data map anyway, actually using a map of Disney World adds to the effectiveness of the data when factoring it into an algorithm. Integrating GIS technology into how the Magic Bands are monitored and used, allows Disney to create hyper-sensitive remote surveillance technologies (Curry, 2015). This is the basis for the character meet and greet feature referred to earlier in this series of articles.

By designing the Magic Bands to work with GPS, GIS, RFID, and POS (point of sale) technologies, Disney can take data matching to the next level and create data profiles based on the smart data collected (Curry, 2015). Whether in name or anonymously, this degree of smart data is highly effective because once a profile archetype is formed, Disney can reflect upon that profile type’s history and forecast what that particular archetype is going to do in the future and could target ads, characters, purchases, etc to that person.

But what about invasion of personal privacy while at Disney World? How should Disney respond if accused of invading the privacy of its guests? “One traditional response, here, has been that just because the data in a profiling system are not “real facts,” there can be no invasion of a person’s privacy, at least in the traditional informational sense…just as the development of GIS has been associated with the devaluation of the local, where attributes of the local come to  be seen merely as contingent features of a Euclidean set of spatial coordinates, so too has it been associated with a devaluation-or at least revaluation-of the individual and of the nature of identity” (Curry, P258, 2015). Although Curry is not referring to the Magic Bands, his research can be applied to them by extension since little is actually known about the digital data collected and all the ways that the media giant uses it.

The information collected through MyDisneyExperience (and the Magic Bands) aid in creating digital people, places, and lives. Just like an individual is responsible for one’s financial identity (credit score), then should not a Disney park guest be responsible for and how their digital self is used? But because of the aforementioned reasoning, the data collected may not be legally treated as “real facts,” this splitting of the proverbial hair gives Disney carte blanche to use the data however it chooses. It may be that the data is simply used to make park visit logistics more efficient and convenient for park guests, but it is clear that the collected data could be used in figuratively infinite ways without any due compensation for the park guest or details notification of how the data is used or interpreted.

Although privacy conspiracy theorists and some legalistic Christian fundamentalists may see this smart data technology as a gateway to the apocalypse, the truth is, this technology has been part of our lives for a long time—at least the basics of the hard technology. This is really no different than the introduction of the printed barcode back in the 1970s (Laugheinrich, 2007). RFID/GPS technology (as a means of location and payment) is found in every automated toll stickers and units in cars in order to use the express-thru lanes on the turnpikes and expressways without having to stop at the booth. Similar technology can be found in keyless electronic ignition in many contemporary cars that responds to a particular key fob instead of metal key—takes the RFID chip to the next level. That technology does not seem to fall under scrutiny or appear to be frocked with privacy concerns.

Laugheinrich highlights that RFID [and by extension RFID-GPS technologies for purposes of this paper] has three distinct advantages over more traditional means of collecting or processing data: (1)Automation—the scanners/receivers provide the company with nearly unsupervised readouts. (2)Identification—RFID offers much more in the way of information density. (3)Integration—embedding the technology in unobtrusive ways thus freeing the product design (2007). Think of RFID technology as the latest version of the now antiquated barcode. Programmed to only work with a specific person allows for RFID to be integrated into token-based authentication based applications because of the size (Laugheinrich, 2007). Token-based authentication (which is essentially the foundation of the Magic Band) provides a means to issue and then collect information that cannot be [easily] duplicated or forged. Sorry, that means you can no longer print your own or hoard past FastPasses to skip the long queue at ToyStory Midway Mania or the Seven Dwarves Mine Train.

Whether the Walt Disney Company has plans beyond park operations and planning for its Magic Bands will have to wait to be seen; however, just because Disney may not be engaging in any illegitimate or unethical uses of the smart data gathered by the Magic Band readers, that does not mean that there do not exist those who use data gathering technologies that can hack into the RFID/GPS system the Magic Bands use and modify or sell that data, or anything else unscrupulous. Potential digital privacy violations may happen if an authorized reader eavesdrops on authorized transactions  or if a rogue sensor tricks the transmitter to divulging personal information since MyDisneyExperience includes all kinds of personal and financial information on a given park guest. (Laugheinrich, 2007). Echoing the three benefits to RFID/GPS technologies, there are principally three privacy concerns as well: (1)Clandestine scanning—simply stated, the RFID is scanned or read without the user/owner’s consent. (2)Eavesdropping scanning—“listening” in on authorized or authenticated transactions between a transmitter and reader. (3)Data leakage—reading out more information from a transaction than is necessary to carry out the task (Laugheinrich, 2007).

A fairly innocent invasion of privacy in the Disney Parks could be something like this: you stop by the Brown Derby at Hollywood Studios to look at the menu. There are readers all over the place anyway, and having on in the menu board at the Derby is no different. You receive a text message or email from WDPR (Walt Disney Parks and Resorts) that asks why you did not dine at the restaurant or offers you a coupon or something along those lines. Another scenario is a little more sinister. An unauthorized individual has developed a reader that as he or she walks past park guests, picks up on the personal, park, or financial information on an individual’s Magic Band. As far as business development or pushing products, Disney could examine the attractions or characters you visit most and target merchandise at you through your mobile phone or email. Since RFID/GPS technology-driven devices are extremely small and can be integrated into almost any item, it would be very difficult for WDPR security to monitor the entrances for said devices. At the end of the day, the biggest privacy concern with the Magic Bands is the unauthorized automatic data collection that is not explicitly stated in the terms of use or user agreement that comes with the Magic Band—where WDPR finds indirect loopholes to monitor your movements in financial information while visiting the parks.

Although RFID/GPS technologies have come a long way and security company and user security measures have better developed over time, clearly more research needs to be done in order to truly understand the ramifications of the implementation of the Magic Bands into the daily operation of the Disney parks. Literature has shown us how the technology works and how it could be used. Most of what has been written about in these articles requires looking at past research on either privacy or wearable technology and apply it to how it may affect the manner in which Magic Bands are used. Furthermore, it is not always one of the two parties in the RFID relationship (i.e. WDPR and the park guest), but it can be other park guests with intrusive technologies that breach the relationship that can pose a privacy or security threat.

Click HERE for part 1

Click HERE for part 2



Ball, R., et al (2015). The Future of Luxury: Capital of Creation, Fashion Institute of Technology, Capstone Research Project, Master’s Degree Program.

Curry, M.R. (2015), Digital People, Digital Places: Rethinking Privacy in a World of Geographic Information, University of California Los Angeles, Ethics and Behavior 7:3, P253-263

Dockterman, E. (2014). Now Disney Can Track Your Every Move with NSA-Style Wristbands, Time.Com, 1.

Kuang, C. (2015, March 15). Disney’s $1 Billion Bet on a Magical Wristband. Retrieved May13, 2015, from http://www.wired.com: http://www.wired.com/2015/03/disney-magicband

Laugheinrich, M. (2007), RFID and Privacy, Security, Privacy, and Trust in Modern Data Management, Part V, P433-450.

Mokbel, M.F. (2006). Towards Privacy-Aware Location-Based Data Servers, Department of Computer Science and Engineering, University of Minnesota, Twin Cities.

Palmeri, C., & Faries, B. (2014). Big Mickey Is Watching. Business Week, (4370), 22-23.

Panetta, K. (2014). Why I’m A-OK with Disney tracking me “NSA-style.” ECN: Electronic Component News, 58(2), 10.

Schnell, E. (2013). Near Field Communications: Features and Considerations, Journal of Electronic Resources in Medical Libraries, Vol.10, No.2.

Thierer, A. (2014). Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom, George Mason University, Mercatus Center.

Thierer, A. (2015). The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation, George Mason University, Mercatus Center.

Winsor, R.M. (2015). The Magic of the Mouse: An Exploration of Brand Personality in the Walt Disney Company, University of New Hampshire, Senior Honor’s Thesis.

“Magical” Data Collection (part 2 of 3)


(cont’d from part 1)

Magic Bands work primarily off RFID and GPS technologies; the former is a marriage of radio frequencies and microchip technologies whereas the latter is built upon geo-locating satellite transmitters and receivers (Schnell, 2013). Think of RFID technology as the older IR (infrared) technology but not requiring the same line of sight. Both are limited to short distances. Writing on Near Field Communication (NFC), Schnell highlights that NFC is a “contactless exchange [of information] that takes place over short distances…NFC allows users to perform contactless (although sometimes brief contact is also used) access to digital content and connect to other electronic devices simply by bringing their mobile devices into close proximity” (Schnell, 2015 p.101).

Everything from reading and writing information to programming for specific tasks can be accomplished with NFC. Outside of the magical examples, NFC can be seen in the technology that tells a phone or computer to go to sleep when placed on a special stand or dock. More commonly known, there are mobile device charging stations that respond simply by placing the phone on the charging pad (with no cable connectivity required). NFC technology is also found in the growing number of consumers who are using ApplePay® to make purchases by holding the iPhone close to an ApplePay reader and using the security of a fingerprint. The method by which Apple is integrating ApplePay into the functionality of the iPhone and the experience in the Apple Store is the similar to the method by which the Magic Bands operate. Both perform similar tasks, but for different purposes.

The widespread ramifications of the Magic Band system will be felt not only by real theme parks (i.e. Universal Studios, SeaWorld Parks and Entertainment) but also by museums, airports, and zoos, aquariums, and many more places that integrate hospitality, transportation, and merchandise into the daily operations. The intel collected from the use of the bands is unprecedented (Pameri, et al, 2014). The question at hand is two fold, (1) beyond the superficial uses, how else is the tracking information used? (2) beyond the vacation management system (MyMagic+), how else does this smart data affect other business decisions?  The two fold question has one common element: privacy.

The indirect results of weeks and months of smart data collection can be used to affect decisions like how many employees (Cast Members in the Disney vernacular) to staff at each attraction, restaurant, or resort. By analyzing the number of FastPass reservations made through the My Disney Experience app (the flagship app in the MyMagic+ system) and reflecting those numbers against the number of standby guests (guests without FastPasses who have to wait in the traditional queue) all the while just qualifying those numbers against the physical number of guests through the attraction entrance, Disney World can make effective decisions based upon copious amounts of dynamic data. This same smart data can even help determine what items to stock in the various merchandise shops and even how many character performers should be strategically roaming the park (Palmeri, et al, 2014). It is conceivable to conclude that this same information can also be used in the decision making process of a new movie, television show, or Broadway show. “To infinity and beyond” with this information as Toy Story’s Buzz Lightyear would say.

At the end of the day, there really is not anything particularly magical about the Magic Band. It takes what, as Jurassic Park’s Ian Malcolm would say, “others have done and took the next step” (Jurassic Park, 1993). The Magic Band is next evolution in the wearable technology trend of integrating technology seamlessly into the everyday or more mundane tasks for which, otherwise, time has to be separately allocated. Experiences with a brand or product are customized by collecting, tracking, qualifying, and quantifying data created by the [perceived] end user. The word perceived is in brackets because it is truly the company who is the end user of the data because they decide what to do with it and whether to sell it to another buyer. According to Adam Thierer, “wearable technologies are among the fastest-growing segment of internet-based technologies and promise to have widespread societal influences in the coming years” (p1 2015). These positive and negative consequences can include challenges to present societal norms, mores, and more. Economic and legal norms and guidelines may also find themselves challenged by the data provided by wearable technologies. This is not so unlike Disney’s decision-making in the parks about staffing and merchandise.

Like with any new technology, safety (including, but not limited to privacy and security) is a major concern and the skeptics often outweigh those who are welcoming of new communications technologies with open arms. If safety was always paramount and truly dictated innovation, then it is likely that entrepreneurship, economic growth, ingenuity, and invention could be greatly mitigated (Thierer, 2015). There must be a balance struck between acknowledging safety (in the case of this paper, privacy) but permitting new communications technologies to breach it to a small extent to pave the way for a more efficient means of conducting business or creating experiences. The best means of dealing with privacy issues, in terms of wearable technologies, is to creatively deal with them as they rise up (Thierer, 2015). Unfortunately, sometimes privacy issues are ignored or seen as passé in order to commodify data. That is the crux of the issue. Beyond the obvious uses of the Magic Bands, is the privacy of consumers compromised and is the data being sold off? Without conducting an empirical research study and interviews with those who monitor and support the technology, it is entirely possible that the answer will not be known for some time yet since the MyMagic+ system is still relatively new. But, past research can show us how similar technologies are used, and by extension, apply those practices to the MagicBands and the data collected by them.

Interestingly, privacy awareness over what is now referred to as smart data can be traced back to 2006—a time in which many were unaware that the aforementioned technology existed, at least in its present form (Mokbel, 2006). The idea of location-based information is not new—that is how Google Maps mobile app works as well as just the basic GPS in your vehicle. But, that same technology has become smaller, less expensive, and can be integrated into many different items including the Disney Magic Bands. Why integrate this technology into items like the Disney Magic Bands? Simply stated, it is because “user requests to location-based services can be modeled as spatio-temporal queries that can be efficiently executed over large numbers of mobile users through database management modules, e.g., data indexing, query processing, and query optimization” (Mokbel, P1, 2006). The possibilities of channeling the data in copious ways provides an unprecedented quality and quantity of data that can be cited in the development of various decisions. It is not that this same data could not be quantified in any other way, but this method is far more efficient because it would take exponentially more hours and resources to achieve the same results through more conventional means—at least convention as it was known until the advent of smart data devices.