The Dutch Data Protection Authority (DPA) has imposed a fine of €4.75 million on Netflix for failing to adequately inform its customers about how it handles their personal data. The investigation, launched in 2019, revealed that the company did not provide clear information in its privacy statement about the use of the data collected, including email addresses, phone numbers, payment details and viewing history.
The investigation originated from a complaint filed by None of your business (Noyb), an Austrian NGO dedicated to privacy with a long history of legal actions in defense of users’ digital rights. On this occasion, the complaint was filed with the Dutch regulator because Netflix has its European headquarters in Amsterdam, but the analysis covers its business throughout the EU. The DPA explains that there have been other European data protection agencies that have participated in the investigation.
According to the resolution, the company provided very little information to its customers about what personal data Netflix shares with third parties and why it does so, how long it retains the data or how it guarantees its security when the company transmits it to countries outside of Europe. “A company like this, with a turnover of billions of customers around the world, has to explain to its customers how it processes their personal data,” said Aleid Wolfsen, president of the DPA: “That has to be crystal clear. , especially if the client asks about it.”
In addition to data linked to the user’s identity, Netflix handles information about viewing history that has great value for advertisers. This can reveal data such as gender preferences, consumer habits, age, region, emotional state and personal interests, which can be used for personalized advertising. This includes ads based on tastes, demographic segmentation (products for children or adults), promotion of similar content and even prediction of future needs.
After the investigation began, Netflix modified its privacy policy to reflect that it does not sell this type of information to advertisers. “Netflix uses contractual and technical measures designed to prevent Netflix marketing providers from accessing information regarding specific programs or movie title selections you make, the URLs you enter, or the programs or movies that you have seen on our service,” reflects the document.
Noyb filed the claim after Netflix was unable to explain what it does with user data following a direct request. The NGO reflects that the American company could not even give a complete description of the use of personal data once the investigation by the Dutch authority began. “We are satisfied with the DPA’s decision to impose a fine on Netflix. However, it took almost five years to obtain it, and in a very simple case,” stressed Stefano Rossetti, a lawyer specialized in data protection at Noyb.
Netflix has announced that it will appeal the sanction. “Since this investigation began more than five years ago, we have cooperated with the Dutch Data Protection Authority and have proactively evolved our privacy information to offer greater clarity to our members,” a spokeswoman for the multinational said in a statement. sent to elDiario.es. The same sources indicate that the case refers to the period between 2018 and 2020, just after the entry into force of the new European data protection regulations.
#million #euros #sanction #Netflix #hiding #sends #users #data
