The Dutch Data Protection Authority (Dutch DPA) has imposed a €4.75 million fine (around $4.95 million) on Netflix, citing shortcomings in how the company handled customer data between 2018 and 2020. The fine highlights issues in Netflix’s compliance with the General Data Protection Regulation (GDPR).
Dutch Data Protection Authority (AP) in a statement, said, “Between 2018 and 2020, Netflix did not provide customers with enough information about what the company does with their personal data. And the information that Netflix did provide was unclear in some areas”.
According to the Dutch DPA, Netflix’s privacy statement during that period lacked clarity and failed to provide customers with sufficient information about how their data was being collected, processed, and used. Moreover, the regulator said Netflix did not adequately respond to customer inquiries about their data, which further violated GDPR requirements.
Dutch DPA Chairman Aleid Wolfsen said, “A company like that, with a turnover of billions and millions of customers worldwide, has to explain properly to its customers how it handles their personal data,” and added “That must be crystal clear. Especially if the customer asks about this. And that was not in order.”
Additionally, Netflix, in its response, defended its practices, stating that the Dutch DPA interprets GDPR rules more strictly than other regulators. The company maintained that it adhered to the rules and even encouraged customers to reach out with questions about its use of personal data, cookies, and other technologies.