Dutch Regulator Fines Netflix €4.75 Million for Privacy Data Violation

The Dutch Data Protection Authority (DPA) fined Netflix 4.75 million euros for not being transparent about handling customer data. This fine came after a complaint from Austrian privacy group None of your Business. Netflix has contested the fine.

The Dutch DPA stated that Netflix failed to provide customers with enough information about how their personal data was used between 2018 and 2020, including details like viewing habits, payment information, email addresses, and phone numbers.

Netflix’s European headquarters in the Netherlands placed the Dutch DPA in charge of the investigation. The DPA found that Netflix did not clearly explain to users what it did with their private data, which data was shared with other organizations, the reasons for sharing data, how long the data was stored, and how it was secured.

This essential information should have been included in Netflix’s privacy statement, and the absence of these details violated European privacy rules under the General Data Protection Regulation (GDPR). Customers also did not receive sufficient information when inquiring about the data collected about them, according to the regulator.

In the Netherlands alone, over 3 million people have Netflix subscriptions, making it the country’s most popular streaming platform, competing with services like Disney+, Videoland, HBO Max, Amazon Prime, and Viaplay.

Dutch DPA Chair Aleid Wolfsen emphasized that a company as large as Netflix with a global customer base must clearly explain how it handles personal data to its users, especially when questions arise. None of Your Business initiated the complaint with the Austrian regulator, leading to the case moving to the Netherlands for investigation and coordination among European data protection authorities.