The Dutch Data Protection Authority (DPA) has fined Netflix €4.75 million ($4.93 million) for failing to comply with the General Data Protection Regulation (GDPR) between 2018 and 2020. The fine was imposed after an investigation revealed that Netflix did not provide sufficient information to users about how their personal data was being collected and used. Specifically, the streaming giant did not clarify its data practices in its privacy statement, including how it handled email addresses, payment details, and viewing preferences.
The investigation, initiated by the DPA in 2019, found that Netflix failed to offer transparent explanations regarding the purpose and legal basis for collecting data. Additionally, when users asked for details about the data the company stored, Netflix did not respond adequately. The DPA pointed out that these lapses in transparency were in direct violation of the GDPR’s requirements for clear communication about data usage.
Another significant issue raised by the DPA was Netflix’s lack of clarity around data sharing with third parties and its security measures when transmitting personal data to countries outside the European Union. The regulator emphasized that users must be fully informed about how their data is shared and protected. Despite the company’s claims of having updated its privacy statement to address these concerns, the DPA stressed that Netflix’s earlier lack of transparency still warranted a penalty.
The Austrian privacy non-profit, None of Your Business (noyb), which filed the complaint against Netflix, expressed satisfaction with the DPA’s ruling. However, the group highlighted that the five-year wait for a resolution was far too long. This case follows similar complaints against major tech companies, including Amazon, Apple Music, and YouTube, as regulators continue to scrutinize the data practices of large corporations under GDPR. The fine imposed on Netflix serves as a reminder of the importance of robust data protection and transparency, particularly for companies with a global customer base.
