Netflix shares data about your ad interactions, device identifiers, and inferred household preferences with advertising partners, and also receives behavioral profiles about you from those partners.
This analysis describes what Netflix's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy authorizes a two-directional data flow with Advertising Companies: Netflix both provides user interaction and device data to these companies and receives behavioral profiles derived from users' activity on unaffiliated services, which may constitute sharing of personal information under CCPA/CPRA.
The updated privacy statement now explicitly discloses that Netflix collects voice inputs including transcripts and recordings when users interact with voice-related features, and that it makes inferences about user and household preferences for ad targeting purposes. The statement adds a new section titled 'Supplemental Privacy Disclosures for US Residents' that references a separate US State Privacy Notice containing 'Notice at Collection' details, alongside new subsections covering personal information collection, uses, disclosure for business purposes, data sales or sharing, retention, use of de-identified information, appeals rights, and financial incentive notices. The change brings the privacy statement into alignment with state privacy laws like CCPA and similar frameworks. You can access the US State Privacy Notice by clicking the provided link, visiting netflix.com/privacy#states, or scrolling to the new US residents section.
View change record →The updated privacy statement reorganizes and consolidates disclosures rather than expanding data collection practices. However, the statement removes explicit reference to the US State Privacy Notice from the main body, requiring users to navigate to supplemental sections to access state-specific privacy rights and disclosures. The revised language also removes the prior statement that Netflix makes inferences about household ad preferences, and removes mention of voice inputs and transcripts from the usage information description, narrowing the scope of explicitly disclosed data collection practices. You can access US state privacy notices by navigating to the 'Supplemental Privacy Disclosures for Certain Services' section or visiting netflix.com/privacy#states.
View change record →The policy authorizes Netflix to share device identifiers, ad interaction data, and household-level inferences with Advertising Companies, and to receive interest and demographic profiles from these companies based on your activity elsewhere online. This data flow may qualify as sharing personal information for cross-context behavioral advertising under California law, triggering opt-out rights.
How other platforms handle this
Sending you information about Adobe products and services, special offers and similar information, and sharing your information with third parties for their own marketing purposes, where your consent is not required; In some cases, in order to show you more relevant ads, we disclose with social medi...
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
We may share your personal information with third parties in the following circumstances: With service providers who perform services on our behalf, such as data analytics, marketing, customer service, and technology services. With financial partners, including banks, brokerage firms, and payment pr...
Monitoring
Netflix has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information about the advertisements on the Netflix service that you view or interact with, device information (such as resettable device identifiers), IP addresses, inferences we make about you or your household based on data we collect from or about you (such as the types of ads you or your household prefer to see), and information provided by Advertising Companies (such as your demographic information, likely interests they have collected or inferred from your interactions and purchases through their own and other websites and apps).— Excerpt from Netflix's Netflix Privacy Statement
1) REGULATORY LANDSCAPE: CCPA/CPRA defines sharing personal information for cross-context behavioral advertising as a regulated activity requiring opt-out rights (Section 1798.120). GDPR requires a lawful basis for disclosing personal data to third-party advertising processors or controllers. The FTC has jurisdiction over deceptive data sharing practices. Depending on the contractual structure of Advertising Company relationships, these disclosures may constitute sales of personal information under some state privacy laws. 2) GOVERNANCE EXPOSURE: High. The provision authorizes disclosure of device identifiers, inferences, and ad interaction data to Advertising Companies, and receipt of behavioral profiles in return. Whether these flows constitute sales or sharing under CCPA/CPRA, or require consent under GDPR, depends on the specific contractual and operational arrangements with each Advertising Company. 3) JURISDICTION FLAGS: California CPRA creates the most direct exposure given its explicit opt-out rights for sharing for cross-context behavioral advertising. EU/EEA GDPR requires adequate safeguards or consent for data disclosures to third parties. Virginia CDPA, Colorado CPA, and other state comprehensive privacy laws may impose analogous requirements. 4) CONTRACT AND VENDOR IMPLICATIONS: Each Advertising Company relationship should be documented with a data processing or data sharing agreement specifying permitted uses, retention limits, and deletion obligations. Compliance teams should confirm that Advertising Companies are not using Netflix-derived data for purposes beyond those disclosed. 5) COMPLIANCE CONSIDERATIONS: Netflix should maintain and publish an up-to-date list or category description of Advertising Companies it shares data with, as required by CCPA/CPRA. Opt-out mechanisms for California and other applicable residents should be audited for accessibility and effectiveness. GDPR Article 13/14 disclosure obligations regarding third-party data recipients should be reviewed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy authorizes a two-directional data flow with Advertising Companies: Netflix both provides user interaction and device data to these companies and receives behavioral profiles derived from users' activity on unaffiliated services, which may constitute sharing of personal information under CCPA/CPRA.
The policy authorizes Netflix to share device identifiers, ad interaction data, and household-level inferences with Advertising Companies, and to receive interest and demographic profiles from these companies based on your activity elsewhere online. This data flow may qualify as sharing personal information for cross-context behavioral advertising under California law, triggering opt-out rights.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Netflix.