What are the institutional and regulatory implications of this document?

(1) REGULATORY EXPOSURE: This policy explicitly engages GDPR Arts. 6, 13, 14, 17, 20, and 28 (lawful basis, data subject rights, processor agreements); CCPA/CPRA §§1798.100, 1798.110, 1798.115, 1798.120, 1798.121, 1798.130, 1798.135, and 1798.140 (consumer rights, sale/sharing opt-out, sensitive personal information); Virginia CDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, Oregon OCPA, and Montana MCDPA. Enforcement authorities include the California AG, California Privacy Protection Agenc…

How does Netflix's Netflix Privacy Statement affect users?

Netflix collects an extensive range of personal data including your viewing and gaming history, voice recordings, precise geolocation, device identifiers, and inferred personal characteristics, and discloses this data to advertising partners, business partners, and service providers globally. For users on ad-supported plans, Netflix explicitly shares viewing activity and behavioral data with third-party advertisers for targeted advertising, and acknowledges this constitutes a 'sale' or 'sharing…

How often is Netflix's Netflix Privacy Statement updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Netflix updates this document?

Yes. Watcher subscribers ($9.99/month) can add Netflix to their watchlist and receive same-day email alerts whenever this document or any other Netflix document changes.

Netflix Privacy Statement — Netflix

10 Total

3 High severity

6 Medium severity

1 Low severity

Summary

This is Netflix's privacy policy — the document that explains what personal data Netflix collects about you, including your viewing history, search queries, voice inputs, device location, and payment details, and how that data is used and shared. The single most important thing to know is that Netflix admits it 'sells' and 'shares' your personal information — including your viewing habits and device identifiers — with advertising partners for targeted advertising, which you have the right to opt out of. You can opt out of the sale and sharing of your personal information for advertising by visiting netflix.com/account or using the 'Do Not Sell or Share My Personal Information' link in Netflix's privacy settings.

Technical Summary

This document is Netflix's global Privacy Statement governing the collection, use, and disclosure of personal information across the Netflix service, Netflix Games, and related platforms, operating under multiple legal frameworks including GDPR, CCPA/CPRA, and various US state privacy laws. Netflix's most significant obligations include providing data subject rights (access, deletion, correction, portability, opt-out of sale/sharing), maintaining a Data Protection Officer, and disclosing that personal information including identifiers, viewing history, device data, voice inputs, precise geolocation, and inferred characteristics is collected and disclosed to third-party service providers, advertising partners, and business partners. A notable provision is Netflix's explicit acknowledgment that it 'sells' and 'shares' personal information under CCPA definitions — specifically identifiers, viewing activity, and device/network data — for cross-context behavioral advertising, which creates elevated regulatory exposure and deviates from the more common industry posture of claiming only 'service provider' disclosures. The policy engages GDPR (Arts. 6, 13, 14, 17, 20), CCPA/CPRA (§§1798.100–1798.199), Virginia CDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, Oregon OCPA, and other US state privacy statutes, with enforcement by the FTC, California AG, California Privacy Protection Agency (CPPA), and EU/EEA supervisory authorities. Material compliance considerations include the adequacy of consent mechanisms for voice data collection, the sufficiency of opt-out mechanisms for data sale/sharing for advertising-with-account subscribers, and Netflix's cross-border data transfer reliance on Standard Contractual Clauses.

Evidence Provenance

Captured April 23, 2026 06:05 UTC

Document ID CA-D-000039

Version ID CA-V-000908

Source URL https://help.netflix.com/legal/privacy

Wayback Machine View archived versions →

SHA-256 cb9753efac1180a1cf51a8e7fdd47ccc302ec031e87c5df346481bcd6134af7f

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 23, 2026 — Document updated medium

Netflix updated its Privacy Statement on April 23, 2026, making two types of changes. First, they removed a comma in the section title 'Cookies and Similar Technologies, Pixel Tags, and other Identifiers' — a minor punctuation edit. More importantly, they added language disclosing that they now use cookies and tracking technologies to monitor items you add to a shopping cart, detect when you abandon that cart, and send you reminder messages via SMS. This means Netflix is now tracking shopping behavior and may send you text messages based on your cart activity.

· 4 modified
View diff → View full record →
cb9753ef…
April 19, 2026 — Document updated medium

Netflix updated its Privacy Statement on April 19, 2026, adding a new dedicated section called 'Supplemental Privacy Disclosures for US Residents' that includes detailed information about data collection, use, sale, retention, and privacy rights specific to US users. The policy also now explicitly acknowledges that data protection laws in certain countries or regions may require additional disclosures, and those are collected in the expanded 'Supplemental Privacy Disclosures for Certain Services and Regions' section. These changes improve transparency for US residents by consolidating legally required state-level privacy notices in one accessible place.

86 added · 14 modified
View diff → View full record →
ef24ac57…
April 18, 2026 — Document updated high

Netflix updated its Privacy Statement on April 18, 2026, expanding how it describes the personal data it collects — including voice inputs, transcripts, and recordings when you use voice features, as well as inferences Netflix makes about you and your household for advertising. The policy also now explicitly states that Netflix collects information about you on advertisers' own websites and apps, broadening the scope of data collection beyond the Netflix platform itself. These changes mean Netflix is gathering more types of data about you and tracking you in more places than before.

8 added · 2 removed · 73 modified
View diff → View full record →
6d8263a4…
March 6, 2026 — Initial capture

Initial snapshot — monitoring begins

45873900…

View full version history (0 captures) →

Analyzed Changes

3 changes analyzed since monitoring began.

Updated April 23, 2026

medium

What changed Netflix updated their Netflix Privacy Statement on April 23, 2026. Change detected: 4 sentence(s) modified. Document contained 327 sentences after update.

Consumer impact Netflix has expanded its use of tracking technologies to monitor items you add to a shopping cart and to detect when you leave without purchasing. Based on this tracking, Netflix may now send you SMS (text message) reminders about your abandoned cart. This is a new use of your behavioral data and a new channel for direct marketing contact. You can review and update your communication preferences in your Netflix account settings to manage whether Netflix can contact you via SMS for marketing purposes.

Why it matters Netflix is now tracking your shopping cart behavior and has reserved the right to send you SMS text messages if you don't complete a purchase — a significant expansion beyond its streaming-focused data uses. Users who do not want to receive these messages should review their communication preferences to manage SMS marketing consent.

Updated April 19, 2026

medium

What changed Netflix updated their Netflix Privacy Statement on April 19, 2026. Change detected: 86 sentence(s) added, 14 sentence(s) modified. Document contained 327 sentences after update.

Consumer impact Netflix has added a new section specifically for US residents that details what personal information is collected, how it is used, whether it is sold or shared, how long it is retained, and what privacy rights you have — including an appeals process and notice of financial incentives. This consolidation makes it easier for US consumers to understand their state-level privacy rights without searching through the broader policy. You can review your rights and opt-out options directly at netflix.com/privacy#states.

Why it matters US residents now have a single, consolidated section detailing exactly what data Netflix collects, sells, and shares about them, along with formal rights to appeal privacy decisions. This improves transparency and gives consumers a clearer path to exercising their legal privacy rights under California and other state laws.

Updated April 18, 2026

high

What changed Netflix updated their Netflix Privacy Statement on April 18, 2026. Change detected: 8 sentence(s) added, 2 sentence(s) removed, 73 sentence(s) modified. Document contained 241 sentences after update.

Consumer impact Netflix has expanded the types of personal data it collects to include voice inputs, transcripts, and recordings when you use voice features, and now explicitly tracks inferences it makes about you and your household for advertising purposes. Netflix also now collects data about you from advertisers' own websites and apps — meaning your activity outside Netflix can feed into its advertising profile of you. You can review and adjust your advertising preferences in your Netflix account settings under 'Privacy and Data Settings' to limit how your data is used for targeted advertising.

Why it matters Netflix has significantly expanded what personal data it collects and where it collects it — now including your voice, inferences about your entire household, and your activity on third-party advertiser websites. This means your Netflix profile is now built from more data sources and used in more ways than before, with less explicit consent framing tied to your stated preferences.

Recent Clause-Level Changes Apr 23, 2026

10 provisions unchanged.

View full change record →

High Severity — 3 provisions

Sale and Sharing of Personal Information for Advertising

Netflix shares your personal data — including your identity, viewing habits, location, and device activity — with advertising companies to show you targeted ads, and this legally counts as 'selling' your data under California law.

Added April 28, 2026
Voice Input Collection and Recording

Netflix records and transcribes your voice commands when you use voice-related features on its service, and stores both the audio recordings and written transcripts.

Added April 28, 2026
Minors Data Handling

Netflix says its service is not for children under 13 and claims not to knowingly collect their data without parental consent — but it does not explain how it detects or prevents under-13 users from accessing the platform.

Added April 28, 2026

Medium Severity — 6 provisions

International Transfers of Personal Information

Netflix transfers your personal data from Europe and other countries to the United States and elsewhere, relying primarily on Standard Contractual Clauses (SCCs) to make these transfers legal.

Added April 28, 2026
Data Retention Post-Cancellation

Netflix keeps your personal data even after you cancel your subscription, for as long as it deems necessary for legal, business, or fraud-prevention reasons — there is no fixed deletion timeline.

Added April 28, 2026
Advertising Choices and Opt-Out Mechanisms

Netflix lets you opt out of having your data shared with advertisers for targeted ads through your account settings or by using a Global Privacy Control browser signal, and it does not sell data of known under-16 users.

Added April 28, 2026
Third-Party Disclosure and Service Provider Sharing

Netflix shares your personal data with a wide range of third-party companies — including marketers, payment processors, fraud analysts, and advertisers — to help run and improve its service.

Added April 28, 2026
Precise Geolocation and Device Data Collection

Netflix collects detailed information about your devices — including IP addresses, device identifiers, operating systems, and camera access — alongside your location data, which can be used to determine where you are.

Added April 28, 2026
Changes to Privacy Statement

Netflix can change its privacy policy at any time and treats your continued use of the service as acceptance of the new terms — if you disagree with changes, your only option is to cancel your account.

Added April 28, 2026

Low Severity — 1 provision

Account and Profile Sharing Disclosure

If you share your Netflix account or create profiles for others in your household, those other users can see your viewing history, ratings, and recommendations — so your personal data is visible to everyone on your account.

Added April 28, 2026

Cross-platform context

See how other platforms handle Behavioral Advertising and Third-Party Data Sharing and similar clauses.

Compare across platforms →