Netflix pays $9M to settle user-data misuse charges; aims to misuse more data with Facebook

Settled suit over retained customer records clears deck for lobbying assault on data-privacy laws

Netflix has agreed to pay $9 million to settle a lawsuit based on a 1988 law passed by a Congress indignant over the publication of Supreme Court nominee Robert Bork's movie-rental history.

The suit was filed last year by Netflix customers who found, after starting new Netflix accounts that the video-streaming company had kept copies of their personal information and rental history from accounts that had been closed long before.

The federal Video Privacy Protection Act (VPPA) forbids video rental companies from disclosing any personally identifiable personal information or any information about either the genres or specific titles a customer had rented in the past.

Virginia residents Jeff Milans and Peter Comstock filed suit last year, according to the Washington Post, after signing up for a new account and finding Netflix had kept records of the DVD and streaming videos the two rented as well as their personal contact information.

Retaining data on individual users, as well as anonymized aggregations of data showing user behavior, makes it easier to recreate recommendation lists for customers returning to the service after having closed previous accounts.

VPPA, however, requires rental companies to delete personal data and rental histories after an account has been closed for a year or more.

That provision cost Netflix at least $9 million according to an update for investors that Netflix published today as an amendment to the quarterly Form 8-K earnings report it filed Jan. 25. The settlement happened after the numbers for that quarter had already closed, according to a statement from Netflix.

Though restrictions on the type of data a service company can keep and the length of time it can retain personally identifiable records could cause endless trouble for non-video-rental companies such as Facebook, they are currently keeping Netflix itself away from Facebook.

Netflix has been lobbying Congress to update VPPA in ways that would allow it to automatically list on Facebook the movies joint customers had been watching on Netflix.

Neflix, which acknowledged no wrongdoing despite agreeing to the settlement, seems to have taken the wrong lesson from both VPPA and the lawsuit.

Spending $9 million to pay customers angry over the liberties Netflix took with their records should raise a red flag over the whole customer-record-exploitation issue.

It shouldn't just prompt new efforts to get Congress to soften the rules so Netflix and Facebook can do what they want with private customer histories. Especially after years of being prevented from doing so by a law passed for silly reasons under curious circumstances, but which the Electronic Privacy Information Center describes having provided "one of the strongest protections of consumer privacy against a specific form of data collection."

Too bad Netflix couldn't learn that part of its lesson as well.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon