Netflix shares data about your ad interactions, device identifiers, and inferred household preferences with advertising partners, and also receives behavioral profiles about you from those partners.
This analysis describes what Netflix's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy authorizes a two-directional data flow with Advertising Companies: Netflix both provides user interaction and device data to these companies and receives behavioral profiles derived from users' activity on unaffiliated services, which may constitute sharing of personal information under CCPA/CPRA.
The updated privacy statement now explicitly discloses that Netflix collects voice inputs including transcripts and recordings when users interact with voice-related features, and that it makes infer…
The updated Privacy Statement explicitly discloses that Netflix collects voice inputs, including transcripts and recordings, when you use voice-related features on the service. The policy also expand…
The updated privacy statement reorganizes and consolidates disclosures rather than expanding data collection practices. However, the statement removes explicit reference to the US State Privacy Notic…
The policy authorizes Netflix to share device identifiers, ad interaction data, and household-level inferences with Advertising Companies, and to receive interest and demographic profiles from these companies based on your activity elsewhere online. This data flow may qualify as sharing personal information for cross-context behavioral advertising under California law, triggering opt-out rights.
How other platforms handle this
We share information with third parties who help us operate our business, including to assist us with marketing campaigns, advertising, analytics and research. These service providers are given access to your information as reasonably necessary to perform these tasks on our behalf and are obligated ...
We may disclose your information with our business partners. We may share your personal information with our business partners, such as companies that partner with us to offer certain products or services. We may share your personal information with advertising partners. We work with third-party adv...
We may share your personal information with third-party advertising partners to provide you with advertisements we believe you may find of interest. We do not control these third parties' tracking technologies or how they may be used. If you have questions about an advertisement or other targeted co...
Monitoring
Netflix has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information about the advertisements on the Netflix service that you view or interact with, device information (such as resettable device identifiers), IP addresses, inferences we make about you or your household based on data we collect from or about you (such as the types of ads you or your household prefer to see), and information provided by Advertising Companies (such as your demographic information, likely interests they have collected or inferred from your interactions and purchases through their own and other websites and apps).— Excerpt from Netflix's Netflix Privacy Statement
1) REGULATORY LANDSCAPE: CCPA/CPRA defines sharing personal information for cross-context behavioral advertising as a regulated activity requiring opt-out rights (Section 1798.120). GDPR requires a lawful basis for disclosing personal data to third-party advertising processors or controllers. The FTC has jurisdiction over deceptive data sharing practices. Depending on the contractual structure of Advertising Company relationships, these disclosures may constitute sales of personal information under some state privacy laws. 2) GOVERNANCE EXPOSURE: High. The provision authorizes disclosure of device identifiers, inferences, and ad interaction data to Advertising Companies, and receipt of behavioral profiles in return. Whether these flows constitute sales or sharing under CCPA/CPRA, or require consent under GDPR, depends on the specific contractual and operational arrangements with each Advertising Company. 3) JURISDICTION FLAGS: California CPRA creates the most direct exposure given its explicit opt-out rights for sharing for cross-context behavioral advertising. EU/EEA GDPR requires adequate safeguards or consent for data disclosures to third parties. Virginia CDPA, Colorado CPA, and other state comprehensive privacy laws may impose analogous requirements. 4) CONTRACT AND VENDOR IMPLICATIONS: Each Advertising Company relationship should be documented with a data processing or data sharing agreement specifying permitted uses, retention limits, and deletion obligations. Compliance teams should confirm that Advertising Companies are not using Netflix-derived data for purposes beyond those disclosed. 5) COMPLIANCE CONSIDERATIONS: Netflix should maintain and publish an up-to-date list or category description of Advertising Companies it shares data with, as required by CCPA/CPRA. Opt-out mechanisms for California and other applicable residents should be audited for accessibility and effectiveness. GDPR Article 13/14 disclosure obligations regarding third-party data recipients should be reviewed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy authorizes a two-directional data flow with Advertising Companies: Netflix both provides user interaction and device data to these companies and receives behavioral profiles derived from users' activity on unaffiliated services, which may constitute sharing of personal information under CCPA/CPRA.
The policy authorizes Netflix to share device identifiers, ad interaction data, and household-level inferences with Advertising Companies, and to receive interest and demographic profiles from these companies based on your activity elsewhere online. This data flow may qualify as sharing personal information for cross-context behavioral advertising under California law, triggering opt-out rights.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Netflix.