The Dutch data protection authority (DPA) on Wednesday fined video-on-demand streaming service Netflix 4.75 million euros ($4.93 million) for not giving consumers enough information about how it used their data during from 2018 to 2020.
An investigation launched by the DPA in 2019 found that the tech giant did not make clear enough to customers in its privacy statement about what it does with the data it collects from its users. This includes email addresses, phone numbers, payment information, and information about what customers are viewing on the platform.
“Furthermore, customers were not given enough information when they asked Netflix what data the company was collecting about them,” DPA reported. saidadding that this is a violation of the General Data Protection Regulation (GDPR).
In addition to not clarifying the purpose and legal basis for data collection, the company was also accused of not being clear about what information is transferred to third parties and for what reasons, the period of data storage and security guarantees when it comes to transfer information to countries outside of Europe .
The Austrian nonprofit None of Your Business (noyb), which filed a complaint against Netflix in January 2019, said he is “pleased” with the DPA’s decision, noting that it took nearly five years to obtain.
“Netflix has not simply failed to provide sufficient information about why it collects data and what it does with it,” the report said. “The company did not even have time to provide a complete copy of the applicant’s data.”
Although the company has since updated its privacy statement and improved the information it provides to users, it objects to the fine, the DPA added.
“A company like this, with a turnover of billions and millions of customers worldwide, must properly explain to its customers how it processes their personal data,” said Dutch DPA chairman Aleid Wolfsen. “It should be crystal clear. Especially if the customer asks about it. And that was not okay.”
Noyb has too filed similar complaints against Amazon, Apple Music, Spotify and YouTube with the case against Spotify as a result the music streamer faces a fine of around €5 million from the Swedish Data Protection Authority (IMY) in June 2023.
The development comes from the Irish Data Protection Commission (DPC) imposed fined 251 million euros (about $263 million) on Meta for a 2018 data breach that affected 3 million users in the European Union.
