Netflix states its service is not directed at children under 13 and that it does not knowingly collect data from this age group, with a process for parents to report potential inadvertent collection.
This analysis describes what Netflix's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes Netflix's operational position regarding compliance with the Children's Online Privacy Protection Act (COPPA) and similar regulatory frameworks governing collection of data from minors under 13. It creates a notification channel through which alleged unauthorized collection can be reported for remedial action.
Interpretive note: The COPPA 'not knowingly' standard for general audience services may be complicated by the existence of Netflix Kids profiles and child-directed content on the platform, creating some interpretive uncertainty about the service's legal characterization.
The updated privacy statement now explicitly discloses that Netflix collects voice inputs including transcripts and recordings when users interact with voice-related features, and that it makes inferences about user and household preferences for ad targeting purposes. The statement adds a new section titled 'Supplemental Privacy Disclosures for US Residents' that references a separate US State Privacy Notice containing 'Notice at Collection' details, alongside new subsections covering personal information collection, uses, disclosure for business purposes, data sales or sharing, retention, use of de-identified information, appeals rights, and financial incentive notices. The change brings the privacy statement into alignment with state privacy laws like CCPA and similar frameworks. You can access the US State Privacy Notice by clicking the provided link, visiting netflix.com/privacy#states, or scrolling to the new US residents section.
View change record →The updated privacy statement reorganizes and consolidates disclosures rather than expanding data collection practices. However, the statement removes explicit reference to the US State Privacy Notice from the main body, requiring users to navigate to supplemental sections to access state-specific privacy rights and disclosures. The revised language also removes the prior statement that Netflix makes inferences about household ad preferences, and removes mention of voice inputs and transcripts from the usage information description, narrowing the scope of explicitly disclosed data collection practices. You can access US state privacy notices by navigating to the 'Supplemental Privacy Disclosures for Certain Services' section or visiting netflix.com/privacy#states.
View change record →Parents and guardians should be aware that while Netflix states it does not knowingly collect data from children under 13, the service does not appear to have active age-verification mechanisms, relying instead on account holder representations. If you believe a child's data has been collected, you can report it to privacy@netflix.com.
How other platforms handle this
If you're under the age required to manage your own Google Account, you must have your parent or legal guardian's permission to use a Google Account. Please have your parent or legal guardian read these terms with you. If you're a parent or legal guardian, and you allow your child to use the service...
You must be at least 13 years old to use our Services (or such greater age required in your country). In addition to being of the minimum required age to use our Services under applicable law, if you are not old enough to have authority to agree to our terms in your country, your parent or guardian ...
By using or accessing the Services, you agree to be bound by this Agreement and acknowledge and agree to the collection, use, and disclosure of your personal information in accordance with DoorDash's Privacy Policy, which is incorporated in this Agreement by reference. You also agree to abide by any...
Monitoring
Netflix has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"The Netflix service is a general audience service and is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13 years old as part of the Netflix service. If you believe that we have inadvertently collected personal information of a child under 13 years old, or if you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at privacy@netflix.com.— Excerpt from Netflix's Netflix Privacy Statement
REGULATORY LANDSCAPE: COPPA, enforced by the FTC, prohibits the collection of personal information from children under 13 without verifiable parental consent, and applies to general audience services that have actual knowledge they are collecting data from this age group. Netflix's policy relies on a 'not knowingly' standard, which COPPA permits for general audience sites but which requires the service to avoid directing content toward children under 13. The California Age-Appropriate Design Code (AB 2273) imposes additional obligations on services likely to be accessed by minors under 18, including data protection impact assessments. GDPR Article 8 sets the digital consent age at 13 to 16 depending on the EU member state. GOVERNANCE EXPOSURE: Medium. The 'not knowingly' standard provides COPPA compliance for general audience services but may not be sufficient if Netflix's service or specific features are found to be directed at children in practice. The existence of Netflix Kids profiles and content curated for children may complicate the general audience characterization, creating a risk that regulators could view certain Netflix features as directed at children for COPPA purposes. JURISDICTION FLAGS: The US (FTC COPPA enforcement) and California (Age-Appropriate Design Code) create the highest exposure. EU member states have varying digital consent ages under GDPR Article 8. The UK has the Children's Code (Age-Appropriate Design Code) administered by the ICO, which imposes design and data minimization obligations for services likely to be accessed by children under 18. CONTRACT AND VENDOR IMPLICATIONS: Service providers processing data that may include children's data (such as analytics or advertising vendors) should be contractually prohibited from using such data for behavioral advertising or profiling in violation of COPPA or applicable state laws. Vendor agreements should include representations about COPPA compliance. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether Netflix Kids profiles or content features cross the threshold of being directed to children under 13 for COPPA purposes, potentially requiring verifiable parental consent mechanisms. A DPIA under California's AB 2273 may be required given Netflix's likely access by minors. The UK ICO's Children's Code compliance review should be conducted for UK-based service operations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes Netflix's operational position regarding compliance with the Children's Online Privacy Protection Act (COPPA) and similar regulatory frameworks governing collection of data from minors under 13. It creates a notification channel through which alleged unauthorized collection can be reported for remedial action.
Parents and guardians should be aware that while Netflix states it does not knowingly collect data from children under 13, the service does not appear to have active age-verification mechanisms, relying instead on account holder representations. If you believe a child's data has been collected, you can report it to privacy@netflix.com.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Netflix.