Netflix states it uses cookies, resettable device identifiers, advertising identifiers, and pixel tags to track users' activity on and off the Netflix service for purposes including authentication, analytics, and advertising.
This analysis describes what Netflix's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy discloses the use of advertising identifiers and third-party tracking technologies for behavioral advertising, which may require consent under EU and UK cookie laws and GDPR, and opt-out mechanisms under CCPA/CPRA.
The updated privacy statement now explicitly discloses that Netflix collects voice inputs including transcripts and recordings when users interact with voice-related features, and that it makes inferences about user and household preferences for ad targeting purposes. The statement adds a new section titled 'Supplemental Privacy Disclosures for US Residents' that references a separate US State Privacy Notice containing 'Notice at Collection' details, alongside new subsections covering personal information collection, uses, disclosure for business purposes, data sales or sharing, retention, use of de-identified information, appeals rights, and financial incentive notices. The change brings the privacy statement into alignment with state privacy laws like CCPA and similar frameworks. You can access the US State Privacy Notice by clicking the provided link, visiting netflix.com/privacy#states, or scrolling to the new US residents section.
View change record →The updated privacy statement reorganizes and consolidates disclosures rather than expanding data collection practices. However, the statement removes explicit reference to the US State Privacy Notice from the main body, requiring users to navigate to supplemental sections to access state-specific privacy rights and disclosures. The revised language also removes the prior statement that Netflix makes inferences about household ad preferences, and removes mention of voice inputs and transcripts from the usage information description, narrowing the scope of explicitly disclosed data collection practices. You can access US state privacy notices by navigating to the 'Supplemental Privacy Disclosures for Certain Services' section or visiting netflix.com/privacy#states.
View change record →The policy authorizes Netflix to collect cookie data, advertising identifiers, and resettable device identifiers for tracking and advertising purposes. Users can manage these preferences through cookie settings linked from Netflix pages.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Netflix has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"cookie data, resettable device identifiers, advertising identifiers and other unique identifiers (described below in the section "Cookies and other Technologies").— Excerpt from Netflix's Netflix Privacy Statement
1) REGULATORY LANDSCAPE: EU ePrivacy Directive and GDPR require informed consent for non-essential cookies and tracking technologies for EU/EEA users. UK PECR (Privacy and Electronic Communications Regulations) contains analogous requirements. CCPA/CPRA requires opt-out rights for sale or sharing of personal information collected via cookies and identifiers. The FTC Act applies to deceptive cookie consent practices. 2) GOVERNANCE EXPOSURE: Medium. Netflix's cookie consent mechanisms must satisfy GDPR and ePrivacy Directive consent standards for EU/EEA users, including granular consent per cookie category. The adequacy of Netflix's OneTrust-based consent management platform (referenced in the page source) should be confirmed against current regulatory guidance. 3) JURISDICTION FLAGS: EU/EEA users have the most direct exposure given ePrivacy Directive and GDPR consent requirements for cookies. California CPRA requires opt-out of sharing personal information collected via tracking technologies. UK PECR applies to UK users. Other US state privacy laws (Virginia, Colorado, Connecticut) impose opt-out rights for targeted advertising using tracking technologies. 4) CONTRACT AND VENDOR IMPLICATIONS: Third-party advertising and analytics vendors placing cookies or tracking technologies on Netflix properties should be covered by appropriate data processing agreements. The scope of data these vendors collect and their permitted uses should be audited. 5) COMPLIANCE CONSIDERATIONS: Netflix's OneTrust consent management platform configuration should be audited to confirm it captures valid consent per GDPR and ePrivacy standards, including granular category-level choices. Cookie inventory should be maintained and updated to reflect all third-party tracking technologies in use. Opt-out links for California and other applicable residents should be tested for functionality.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy discloses the use of advertising identifiers and third-party tracking technologies for behavioral advertising, which may require consent under EU and UK cookie laws and GDPR, and opt-out mechanisms under CCPA/CPRA.
The policy authorizes Netflix to collect cookie data, advertising identifiers, and resettable device identifiers for tracking and advertising purposes. Users can manage these preferences through cookie settings linked from Netflix pages.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Netflix.