Netflix Fined €4.75 Million in Dutch GDPR Case After Five-Year Wait
Five years after a privacy complaint was filed against Netflix in the European Union, the streaming giant has been fined €4.75 million (approximately $5 million). The penalty, issued by the Dutch Data Protection Authority (DPA), highlights Netflix’s failure to adequately inform users about how their personal data is processed, violating the General Data Protection Regulation (GDPR).
Under GDPR, EU citizens have the right to access their data and understand how it’s being used. However, the Dutch DPA found that Netflix did not meet these transparency requirements.
Netflix’s Annual Revenue Dwarfs Fine
While the €4.75 million fine may seem substantial, it pales in comparison to Netflix’s $33.7 billion in annual revenue for 2023. The company has objected to the penalty and may appeal the decision, meaning the case could stretch even further.
A Broader Privacy Battle
The complaint against Netflix was part of a coordinated campaign by noyb (None of Your Business), a privacy advocacy organization led by Austrian lawyer Max Schrems. In 2018, noyb filed similar complaints against several streaming platforms, including Amazon Prime, Apple Music, and YouTube, accusing them of failing to comply with GDPR’s data access rights.
However, enforcement has been slow:
- Only two other cases, against Spotify and Austria-based Flimmit, have been resolved to date.
- The complaint against Apple Music is progressing in Ireland.
- The Luxembourg DPA has yet to act on noyb’s complaint against Amazon, prompting the group to take legal action against the authority for inactivity.
Enforcement Challenges
This protracted case underscores the broader challenges of GDPR enforcement, particularly when turning individual rights into tangible accountability for powerful corporations. Privacy advocates like noyb argue that regulators need to act more swiftly and decisively to ensure GDPR’s effectiveness.
For now, the Netflix case highlights both the potential and the limitations of Europe’s landmark privacy law — with more battles likely to follow.
