Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

Dutch Government identifies Netflix privacy policy discrepancies but says enforcement outside of Dutch watchdog's jurisdiction

The Dutch Government has flagged discrepancies with video streaming service Netflix's privacy policy, but has admitted that the country's data protection watchdog has no jurisdiction to take enforcement action against the company.09 Oct 2013

Netflix began operating in the Netherlands in September. In its privacy policy the company says that it tracks users' interactions with its service and that it collects both personal and non-personal information from users.

However, the Dutch Security and Justice Minister Sander Dekker has identified discrepancies in how Netflix has defined 'personal information' within its privacy policy and how the term is defined under data protection laws in the country.

According to the Netflix policy, personal information relates to "information that can be used to uniquely identify or contact you". However, it has said that it considers "information that does not permit direct association with you" to be non-personal information, and explains that it can "collect, use, transfer and disclose non-personal information for any purpose".

Dekker said that Dutch data protection laws apply to information that can both be directly and indirectly linked to individuals.

"'Personal data' means any information relating to an identified or identifiable natural person," Dekker said, according to an automated translation of answers he gave to questions raised about Netflix's privacy policy (4-page / 42KB PDF) by Dutch MP Kees Verhoeven.

"A person can be identified if he / she can be identified, for example on the basis of an identification number directly or indirectly," Dekker added. If it does not take "disproportionate effort" to link information to an individual then that information is to be considered to be personal data, he said.

Dekker said that Netflix would require specific, explicit consent to collect and use sensitive data that they may derive from data gleaned from viewer behaviour.

Dekker said, though, that Netflix is not subject to the Data Protection Act in the Netherlands. This is because it "has no establishment in the Netherlands". The company is based in Luxembourg and is therefore subject to the data protection regime in place in that country, he added.

Both the Netherlands and Luxembourg implement the EU's Data Protection Directive, but the legal frameworks in place in both countries are different owing to the fact that the Directive does not need to be transposed into national laws in identical wording.

Join My Out-Law

  • See only the content that matters to you
  • Tailor Out-Law to your exact needs
  • Save the most useful content for later reading
  • Tailor our weekly eNewsletter to your interests

Join My Out-Law

Already signed up to My Out-Law? Sign in

Expertise in Confidential Information

Ideas, techniques and know-how can lie at the heart of a business. Pinsent Masons' international intellectual property team is dedicated to helping you to protect those intangible valuables that help you to stand out from your competitors.

More about Confidential Information