Dutch DPA Imposes €4.75 Million Fine on Netflix for GDPR Violations

On Wednesday, the Dutch Data Protection Authority (DPA) issued a hefty €4.75 million fine to Netflix for failing to provide adequate information to consumers about how their data was being used from 2018 to 2020. The investigation revealed that Netflix did not clearly outline to its users what data it was collecting, which encompassed email addresses, phone numbers, payment details, and viewing habits.

In addition to this, Netflix also fell short in disclosing the purpose and legal basis for collecting user data. There were uncertainties around what information was being shared with third parties, the reasons for sharing it, data retention policies, and security measures for transmitting data outside of Europe. Austrian privacy organization None of Your Business (noyb) filed a complaint against Netflix in January 2019 which eventually led to the fine being imposed.

Despite updating its privacy policies and enhancing transparency around data usage, Netflix is contesting the fine. The Dutch DPA emphasized the importance of companies being clear with customers about how their personal data is handled, especially when asked directly. This marks another instance of tech companies facing consequences for privacy violations, with similar complaints filed against Amazon, Apple Music, Spotify, and YouTube.

While this fine against Netflix is significant, it is not the first instance of a technology company facing financial penalties for privacy breaches. In a separate case, the Irish Data Protection Commission (DPC) imposed a fine of €251 million on Meta for a data breach affecting 3 million users in the European Union. These actions underscore the growing importance of data protection regulations in holding companies accountable for safeguarding user information.