Netflix was fined 4.75 million euros by the Dutch Data Protection Authority (DPA). The streaming giant was found to have been non-transparent about its data handling practices between 2018 and 2020. This decision came after a complaint filed by the Austrian privacy group None of Your Business, as per reports.
The DPA alleges that Netflix failed to provide adequate information to its customers about how their personal data, including viewing history, payment details, email addresses, and phone numbers, was being used.
Netflix, however, has disputed the fine.
Netflix’s European headquarters are located in the Netherlands, making the Dutch Data Protection Authority (DPA) responsible for investigating a complaint filed against the company. The DPA initiated its inquiry five years ago, concluding that Netflix had not adequately informed its users about its data practices.
The regulator determined that Netflix failed to provide clear information on various aspects of data handling, including:
Data Purpose: The specific purposes for which user data was collected and used.
Data Sharing: The nature and extent of data sharing with third-party organizations.
Data Retention: The duration for which user data was stored.
Data Security: The measures implemented to safeguard user data.
This information should have been included in Netflix’s privacy policy. The absence of such details constitutes a violation of the General Data Protection Regulation (GDPR).
Furthermore, the DPA found that Netflix did not provide sufficient information to users who inquired about their specific data held by the company.
With over 3 million subscriptions, Netflix boasts a significant user base in the Netherlands, reaching approximately half of the country’s population. As the most popular streaming service, it competes with platforms like Disney+, Videoland, HBO Max, Amazon Prime, and Viaplay.
Dutch DPA Chair Aleid Wolfsen emphasized the importance of transparency for a company of Netflix’s scale, stating, “A company like that, with a turnover of billions and millions of customers worldwide, has to explain properly to its customers how it handles their personal data. That must be crystal clear. Especially if the customer asks about this. And that was not in order.”
The complaint was initially filed with the Austrian regulator but was subsequently transferred to the Dutch DPA due to Netflix’s European headquarters being located in the Netherlands. The Dutch authority coordinated the investigation and fine with other European data protection authorities.