Fine of 4.750.000,00 EUR against Netflix for GDPR violations

Dutch Supervisory Authority fined Netflix for not properly informing customers. Netflix did not inform customers clearly enough in its privacy statement about what exactly Netflix does with those data (Article 5 (1)(a) and Article 12 (1) in conjunction with Article 13 (1)(c)(e) and (f); and Article 13(2)(a) GDPR).

The Dutch Supervisory Authority (SA) started this investigation following complaints from None of your business (noyb), an Austrian NGO that is committed to privacy. Those complaints were submitted to the Austrian data protection authority and forwarded to the Dutch SA, because Netflix has its main European establishment in the Netherlands.

The investigation shows that Netflix did not inform customers clearly enough in its privacy statement about what exactly Netflix does with those data (Article 5 (1)(a) and Article 12 (1) in conjunction with Article 13 (1)(c)(e) and (f); and Article 13(2)(a) GDPR).

Furthermore, customers did not receive sufficient information when they asked Netflix which data the company collects about them. (Article 5 (1)(a) and Article 12 (1); in conjunction with Article 15 (1)(a)(c) and (d) and Article 15 (2) GDPR). These are violations of the GDPR.

On several points, Netflix provided too little information to customers, or the information provided was unclear. The company was not clear enough about:

  • the purposes of and the legal basis for collecting and using personal data (Article 13 (1)(c) and Article 5 (1)(a) GDPR);
  • which personal data are shared by Netflix with other parties, and why precisely this is done (Article 13 (1)(e) and Article 15 (1)(c) GDPR);
  • how long Netflix retains the data (Article 13(2)(a) and Article 15 (1)(d) GDPR);
  • how Netflix ensures that personal data remain safe when the company transmits them to countries outside Europe Article 13 (1)(f) and Article 15 (2) GDPR).

The Dutch SA imposed a fine of 4 750 000,00 EUR against Netflix.

The decision is available here

(source: edpb.europa.eu/photo freepik.com)

Comments

Post a Comment

Popular posts from this blog

Imposition of fines and order to comply following a leak of expats’ personal data file by Greek Data Protection Authority

Image
The Greek Supervisory Authority for Data Protection imposed on the Greek Ministry of the Interior,  an administrative fine totalling EUR 400,000 and on a Member of European Parliament an administrative fine totalling EUR 40,000 for infringements of GDPR. The Hellenic Data Protection Authority received a large number of complaints regarding unsolicited political communication via e-mail sent on 1/3/2024 and entitled "100 days before the European elections", by Member of European Parliament Anna-Michelle Asimakopoulou. Following this, the Authority investigated the case ex officio, exercising immediately its powers of investigation and auditing the bodies involved. Following a series of on-the-spot audits and the receipt of evidence and data in the context of the audit, it was found that a file containing personal data of all registered Greek expatriate voters for the June 2023 elections, for which the Hellenic Ministry of the Interior is the controller, and for which the leg...
Read more

Unfair and illegal terms of loan agreements used by banks

Image
Article by George Kazoleas,  Lawyer LL.M. (Banking & Capitalmarkets Law) It is well known that loan agreements contain terms and conditions that disturb the balance between the parties to the detriment of the borrower and are therefore legally and judicially  diagnosed as contrary to law. Despite this, most banks insist on including them in their new contracts, refusing to comply with court rulings even by the European Court of Justice. Especially, foreign currency loan agreements (such as the Swiss franc) contain many unfair and opaque terms. Particularly: The Bank had to inform the potential borrower of the foreign exchange risk and explain in detail the relevant clauses before concluding the loan. It is very common, that the loan agreement does not mention anything about this risk, nor does it appear that the borrower has been effectively and properly informed by a competent bank official. According to Cypriot and European legislation and case law, the loan...
Read more

A euro area Member State can oblige its administration to accept payments in cash, but can also limit that payment option on public interest grounds

Image
In its Judgment in Joined Cases C-422/19 and C-423/19 (Johannes Dietrich and Norbert Häring v Hessischer Rundfunk) the European Court of Justice ruled that a euro area Member State can oblige its administration to accept payments in cash, but can also limit that payment option on public interest grounds. Such a limitation may in particular be justified where payment in cash is likely to involve the administration in unreasonable expense because of the very high number of persons liable to pay. Two German citizens who were liable to pay a radio and television licence fee in the Land of Hesse (Germany) offered to pay it to Hessischer Rundfunk (Hesse’s broadcasting body) in cash. Invoking its regulations on the procedure for payment of radio and television licence fees, which preclude any possibility of paying the licence fee in cash, [1] Hessischer Rundfunk refused their offer and sent them payment notices. The two German citizens brought an action against those payment notices and th...
Read more

The Delivery Delay Clause in Residential Construction Contracts: Consumer Protection in Cyprus and Europe

Image
By Giorgos Kazoleas, LL.M., Lawyer, Managing Partner at Legal Experts Cyprus The purchase or construction of a new residence is one of the most significant financial and personal decisions a consumer can make. Residential construction contracts or agreements for the sale of property under construction are a crucial and defining element of the entire process, as certain terms they may contain can be detrimental to the buyer. One of the most critical aspects is the contractual delivery time of the project and the provision for delay, through the so-called delivery delay clause. The Delivery Delay Clause: Its Role and Legal Nature The delivery delay clause (also known as a penalty clause in the event of default) is a term usually included in the contract that specifies a predetermined compensation amount that the contractor or seller must pay to the buyer for every day, week, or month of delay beyond the agreed delivery date. The purpose of the clause is twofold: -Compensatory: ...
Read more

ECtHR Judgement against Greece: Disclosure of the identities and medical data of prostitutes diagnosed with HIV was a breach of their right to private life

Image
The case of O.G. and Others v. Greece (applications nos. 71555/12 and 48256/13) concerned the publication, by decision of the domestic authorities, of medical data concerning prostitutes who had been diagnosed as HIV-positive, and media coverage of them. It also concerned the circumstances in which they were required to undergo a blood test.  In Chamber 's judgment(23.1.2024) in this case the European Court of Human Rights held, unanimously, that there had been two violations:  -A violation of Article 8 (right to respect for private life) of the European Convention on Human Rights, with regard to two applicants, on account of the blood tests they had been required to undertake.  The Court considered that the blood samples imposed on two applicants had amounted to an interference with their private life and noted that this had not been in accordance with the law within the meaning of Article 8 of the Convention, given that the provisions of domestic law in issue ought to h...
Read more

Alleged bullying of whistle-blowing prison guard - Violation of right to respect for private life (ECtHR)

Image
In its Chamber judgment in the case of Špadijer v. Montenegro (application no. 31549/18) the European Court of Human Rights held, unanimously, that there had been a violation of Article 8 (right to respect for private life) of the European Convention on Human Rights. The case concerned the alleged bullying of a prison guard following her reporting an incident involving male prison guards coming into the women’s prison where she worked and their inappropriate contact with female prisoners, and her attempts to address this with the authorities. The Court found in particular that the manner in which the legal mechanisms had been implemented in the applicant’s case had been inadequate, constituting a violation of the obligation on the State to protect her rights. Facts of the case The applicant, Daliborka Špadijer, is a Montenegrin national who was born in 1978 and lives in Podgorica. In 2013 Ms Špadijer, then head-of-shift prison guard in a women’s prison, reported five colleagues for an ...
Read more

Swiss franc loans and borrowers’ rights in the light of 4 important judgments of the European Court of Justice

Image
By George Kazoleas, Lawyer LL.M. The EU Court of Justice has issued important decisions in recent years on the issue of bank foreign currency loans, essentially in Swiss francs, which has created significant case law useful for defending the interests of borrowers who have been “trapped” by credit institutions in contracts with abusive currency risk clauses resulting in undue overchargings. In summing up this case-law, the European Court of Justice has reached the following main conclusions: 1.The loan agreement must set out in a transparent manner the exact functioning of the foreign currency conversion mechanism and the exchange rate clause so that the consumer can assess the financial consequences of this mechanism. 2.The borrower must be clearly informed by the bank that, by concluding a loan agreement in a foreign currency, he / she is exposed to a certain foreign exchange risk that he / she may find it difficult to cope with in the event of a devaluation of the currency a...
Read more