Netflix Fined €4.75 Million by Dutch DPA for GDPR Non-Compliance

 

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has imposed a €4.75 million fine on Netflix for violating the General Data Protection Regulation (GDPR). The penalty, equivalent to $4.93 million, stems from shortcomings in the company’s data transparency practices between 2018 and 2020.

Investigation Highlights GDPR Failures
The investigation, launched in 2019 following a complaint from the Austrian privacy advocacy group noyb (None of Your Business), found multiple violations of GDPR requirements. Key findings include:

  • Insufficient Transparency: Netflix’s privacy statements failed to clearly define the purpose and legal basis for collecting user data, including email addresses, payment details, and viewing habits.
  • Lack of Clarity on Data Sharing: The company did not adequately disclose information about sharing data with third parties, data retention policies, or security measures for transferring user data outside the European Economic Area.
  • Incomplete Data Access: Users requesting access to their personal data were not provided with the full scope of information required under GDPR guidelines.

Prolonged Timeline Sparks Criticism
While the fine is being celebrated as a win for privacy rights, noyb criticized the lengthy process. "It took almost five years to obtain a decision in a straightforward case," the group said in a statement.

Netflix’s European, Middle Eastern, and African operations are headquartered in Amsterdam, giving Dutch authorities jurisdiction over the investigation.

Netflix Challenges the Fine
Netflix has objected to the ruling and the accompanying penalty, although the company has yet to provide detailed comments on its legal stance.

The Broader Implications
This fine underscores the importance of GDPR compliance for global companies operating in the EU. Organizations are required to maintain transparency, offer comprehensive access to personal data, and safeguard user privacy in all aspects of data handling.

For businesses, the case serves as a reminder of the increasing scrutiny from European regulators and the need for clear, comprehensive privacy practices.
