The Problem With Requesting Your Data From Netflix
I think it's safe to say most of us share our Netflix account with someone—be it family or friends. Personally, I used to share mine with friends back when I was still a student and was broke. Even though in recent times Netflix has made sharing an account increasingly difficult (more on that in later posts)
Anyways, if you are a Netflix user and also care a bit about your privacy, they have a great feature with which you can find out what personal information Netflix holds about you and how you can request a copy. The best part is that it is available to all users across all geographical locations (and languages?). Thanks to GDPR (General Data Protection Regulation), this was made possible with a process called subject access request (SAR). It means as users of a particular service we have the right to request an organization to access a copy of the personal data that they hold about us (basically asking to see what data they have about you in their servers).
If you’re a Netflix account owner or if you are one of the members in a shared Netflix account, you could place a subject access request (SAR). But the catch is - regardless of who requests a subject access request, the Netflix account owner will be notified. This feature for all its good intentions seems a little flawed. I wanted to highlight how this could get a little complicated.
Picture this - a conservative family (By conservative, I mean a family that often emphasizes strong religious faith, conventional morality, and clear gender roles) consisting of a father, mother and a twenty year old sharing a Netflix account and living in the same location. The twenty year old in our scenario watches Netflix from their smartphone. They also want to hide what they watch from their family. They could do so by - a) having their profile locked or b) manually removing TV shows/movies from their watchlist or c) use the ‘Hide all’ feature (To learn more - How to hide titles from viewing history). If the dad or mom of the family places a SAR, the twenty year old’s watching history could be made available to them.
Most of us consider watching Netflix to be a private "me-time" activity, and while some of us have nothing to hide in our watch history, I'd feel more comfortable knowing that the details of what I watch on my shared account is for my eyes only.
I wholeheartedly appreciate Netflix for enabling this feature for all their customers. It would be even better if each user within an account could view only their own data in a Subject Access Request (SAR). It is easier said than done but I feel Netflix could start from here:
Each user in a shared account should also connect their email address with Netflix
Mandate users in a shared account to set up a profile pin
A combination of the above two actions could be made compulsory for a user to be able to submit a SAR. This could in turn ensure that the original user can request a copy of their information from Netflix in addition to deterring bad actors from getting their hands on data that is not theirs.
These changes would ensure greater privacy and granular control for all users.