Dutch Regulator Fines Netflix €4.75 Million over Private Data Handling

THE HAGUE - Netflix was fined 4.75 million euros over allegations that the video streaming platform was not transparent about the handling of its customers’ data. The fine was announced by the Dutch Data Protection Authority (DPA) on Wednesday as the result of a complaint filed by Austrian privacy group None of your Business. Netflix has objected to the fine. 

“Netflix did not give customers sufficient information about what the company does with their personal data between 2018 and 2020,” the Dutch DPA wrote. This regards information collected from customers, such as viewing habits, payment details, email addresses, and telephone numbers. 

The company has a European headquarters in the Netherlands, which made the Dutch DPA responsible for handling the complaint. The organization launched its investigation five years ago, and determined that Netflix did not clearly inform people about what the company did with private data, what data was shared with other organizations, why any data was shared, the duration the data was stored, and how the data was kept safe, the regulator said. 

This information should have been included in the company’s privacy statement. The absence of such information constitute violations of the European privacy rules under the General Data Protection Regulation, or GDPR. “Furthermore, customers did not receive sufficient information when they asked Netflix which data the company collects about them,” the regulator said. 

Over 3 million subscriptions for Netflix are currently held in the Netherlands, reaching about half of the country’s population. It is the most popular streaming service in the country, competing with Disney+, Videoland, HBO Max, Amazon Prime and Viaplay. 

“A company like that, with a turnover of billions and millions of customers worldwide, has to explain properly to its customers how it handles their personal data,” wrote Dutch DPA Chair Aleid Wolfsen in a statement. “That must be crystal clear. Especially if the customer asks about this. And that was not in order.” 

None of Your Business first filed the complaint with the Austrian regulator, which then passed the case on to the Netherlands. “The Dutch DPA has coordinated the investigation and the amount of the fine with other European data protection authorities,” the Dutch authority said.




Share