What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@netflix.com', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': 'After cancelling your Netflix membership, email privacy@netflix.com to submit a formal data deletion request under CCPA §1798.105 or GDPR Art. 17. Include your account email address and specify that you are requesting erasure of all personal data held post-cancellation.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has authority over deceptive retention practices under Section 5 of the FTC Act, including representations about data deletion that are not fulfilled.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': 'California AG and CPPA enforce CCPA/CPRA deletion rights and Notice at Collection retention disclosure requirements; other state AGs enforce parallel rights under state privacy laws.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Data Retention Post-Cancellation clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Data Retention Post-Cancellation — Netflix

Share 𝕏 Share in Share 🔒 PDF

What it is

Netflix keeps your personal data even after you cancel your subscription, for as long as it deems necessary for legal, business, or fraud-prevention reasons — there is no fixed deletion timeline.

Consumer impact (what this means for users)

Cancelling your Netflix account does not result in automatic deletion of your personal data — Netflix retains it for unspecified periods citing legal compliance, fraud prevention, and business purposes, which may conflict with GDPR's data minimisation and storage limitation principles.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

After cancelling your Netflix membership, email privacy@netflix.com to submit a formal data deletion request under CCPA §1798.105 or GDPR Art. 17. Include your account email address and specify that you are requesting erasure of all personal data held post-cancellation.

Cross-platform context

See how other platforms handle Data Retention Post-Cancellation and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The absence of a fixed data retention period means your viewing history, payment data, and personal details may be held by Netflix indefinitely after you cancel, which limits your practical ability to fully erase your digital footprint.

View original clause language

We retain personal information for as long as necessary to provide the Netflix service, manage our business, comply with legal obligations, resolve disputes, and enforce our agreements. We retain the personal information we collect about you even after you have cancelled your Netflix membership if retention is reasonably necessary to comply with our legal obligations, resolve disputes, prevent fraud and abuse, enforce our agreements, or for other business purposes.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: GDPR Art. 5(1)(e) (storage limitation principle — data kept no longer than necessary); GDPR Art. 17 (right to erasure, subject to exceptions for legal obligation and public interest); CCPA §1798.105 (right to deletion, subject to exceptions); CPRA requirements for data minimisation and retention schedules disclosed in the Notice at Collection. Enforcement: California AG/CPPA, EU supervisory authorities, FTC. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has authority over deceptive retention practices under Section 5 of the FTC Act, including representations about data deletion that are not fulfilled.
File a complaint →
State AG

California AG and CPPA enforce CCPA/CPRA deletion rights and Notice at Collection retention disclosure requirements; other state AGs enforce parallel rights under state privacy laws.
File a complaint →

Provision details

Document information

Document

Netflix Privacy Statement

Entity

Netflix

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003913

Document ID

CA-D-00039

Evidence Provenance

Source URL

https://help.netflix.com/legal/privacy

Wayback Machine

View archived versions →

SHA-256

d27224424a6bddb6d5dc00d988f6cb15e4333093145ecdff869901320f146dfb

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Netflix | Document: Netflix Privacy Statement | Record: CA-P-003913
Captured: 2026-04-28 08:58:31 UTC | SHA-256: d27224424a6bddb6…
URL: https://conductatlas.com/platform/netflix/netflix-privacy-statement/data-retention-post-cancellation/
Accessed: May 2, 2026

Classification

Severity

Medium

Data Retention Post-Cancellation