Five Years Later, Netflix Fined €4.75M
In a move that would make any slow-moving zombie flick proud, Netflix has been hit with a €4.75 million fine by the Dutch Data Protection Authority (DPA) for violating GDPR regulations. Yes, you read that right—five years after the original complaint. If bureaucracy had an IMDb page, this would be a contender for "Most Tedious Sequel of the Year."
The fine, roughly the cost of a medium-budget Netflix series cancellation, is pocket change for the streaming giant, which casually brought in $33.7 billion in revenue last year. Meanwhile, the DPA's sluggish investigation has been about as fast-paced as a buffering stream on dial-up.
The crime? Failing to adequately inform users about what’s happening with their data. GDPR mandates that EU citizens be told how their personal information is used and gives them the right to ask for it—an apparent plot twist Netflix didn’t see coming. While this sounds serious, the fine lands with all the impact of a wet noodle against the tech behemoth’s fortress of quarterly profits.
Netflix, predictably, isn’t exactly rolling the credits. It’s objecting to the penalty and may even appeal, meaning this saga could stretch longer than the runtime of The Irishman.
But wait, there’s more! The privacy watchdog group noyb, the original complainant, also filed cases against streaming rivals like amazon Prime, apple Music, and YouTube. Spoiler alert: Most of those complaints are still marinating in the legal slow cooker, with only two resolutions to date—one involving Spotify, where noyb had to take legal action just to get the DPA moving, and another obscure Austrian service called Flimmit (yes, apparently that's a real thing).
“Almost all complaints are still pending,” noyb said, with the enthusiasm of someone explaining the plot of Tenet for the 15th time. They’re now taking data authorities in ireland and luxembourg to court over what they describe as “inactivity.” In other words, the regulators are binge-watching the concept of justice at 0.5x speed.
If this five-year saga has proven anything, it’s that enforcing individual rights under GDPR is like waiting for a Netflix recommendation algorithm to show you something you actually want to watch—frustratingly slow and ultimately unsatisfying.