The Dutch Data Protection Authority (Dutch DPA) fined Netflix 4.75 million euros (about $4.95 million), saying that between 2018 and 2020, the company did not give its customers enough information about what it does with their personal data.
The regulator said Netflix violated the General Data Protection Regulation (GDPR) by not making the information in its privacy statement clear enough and by providing insufficient information to consumers who asked the company about the data it collects about them, according to a Wednesday (Dec. 18) press release.
“A company like that, with a turnover of billions and millions of customers worldwide, has to explain properly to its customers how it handles their personal data,” Dutch DPA Chairman Aleid Wolfsen said in the release. “That must be crystal clear. Especially if the customer asks about this. And that was not in order.”
The press release said that since the period covered in the complaint, Netflix has updated its privacy statement and improved the information it provides.
Reached by PYMNTS, a Netflix spokesperson said in an emailed statement: “Since this investigation began over five years ago, we have cooperated with the Dutch Data Protection Authority and proactively evolved our privacy information to provide even greater clarity to our members. We have objected to this decision.”
In a Dutch DPA document about the fine, the regulator reported that Netflix said that the Dutch DPA uses a more stringent interpretation of the GDPR rules, that the company believes it acted in accordance with the rules, and that the company’s privacy statement invited customers to contact Netflix if they had questions about its use of personal data, cookies and other technologies.
In an earlier, separate action, the Dutch DPA fined Uber 290 million euros (about $324 million) in August, saying the company violated the GDPR by transferring personal data of its drivers to the United States while failing to protect that data. Uber has since ended the violation.
In May 2023, the Irish Data Protection Commission fined Meta Platforms $1.3 billion, saying the company violated the GDPR by failing to protect European Facebook users’ data from U.S. surveillance practices. In addition to the fine, Meta was ordered to suspend any future transfer of personal data to the U.S. and to cease “the unlawful processing, including storage, in the U.S.” of EU users’ personal data.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More