Netflix Privacy Class Action Claims Viewing Data Was Shared Without Proper Consent - Featured image
Illustration for Netflix Privacy Class Action Claims Viewing Data W

Netflix Privacy Class Action Claims Viewing Data Was Shared Without Proper Consent

Netflix allegedly sold subscriber viewing data to Facebook without consent, triggering federal VPPA lawsuits and a Texas Attorney General case.

Netflix shared subscriber viewing data with Facebook through Meta Pixel tracking tools without obtaining clear written consent from users, according to multiple class action lawsuits filed under the Video Privacy Protection Act (VPPA). The company allegedly embedded tracking code on its platform that transmitted details about what subscribers watched to Facebook’s advertising network, bypassing the privacy protections that the VPPA was designed to enforce. For example, a Netflix user who watched a documentary about healthcare could have had that viewing information transmitted to Facebook without their knowledge, allowing that data to be used for targeted advertising purposes.

The practice violates a federal law passed in 1988 that specifically restricts how companies can handle viewing data. Netflix faces claims from multiple sources: federal class actions alleging VPPA violations through the Meta Pixel scheme, and a 2026 lawsuit from the Texas Attorney General alleging broader data collection and sale practices. The company settled one federal class action for $9 million, though the terms show how little consumers typically recover compared to what companies allegedly extracted from their data.

Table of Contents

What Is the Video Privacy Protection Act and How Did Netflix Violate It?

The Video Privacy Protection Act is a federal statute that imposes strict limits on how video service providers can collect and share information about what customers watch. Congress set statutory damages at $2,500 per violation—this amount is fixed by law and cannot be reduced even if violations are proven. The VPPA was originally enacted to prevent the disclosure of rental records; it now extends to streaming services like Netflix. Violating the VPPA requires either intentionally disclosing viewing data or negligently disclosing it without written consent from the subscriber. Netflix’s alleged violation operated through what appears to be a common practice in advertising technology: the Meta Pixel. This tracking tool is a snippet of code that websites and apps embed to monitor user behavior and send that information to Facebook’s advertising network.

According to the claims, Netflix embedded Meta Pixel on its platform, which meant that every time a subscriber watched something, information about that viewing was transmitted to Facebook. The data transmission happened without users being asked to opt in—let alone providing “clear written consent” as the VPPA requires. The significance of the VPPA claim lies in the statute’s specificity. Unlike general privacy laws, the VPPA explicitly prohibits video service providers from disclosing information about what someone watches. It does not allow companies to simply disclose that information if they bury the disclosure in a terms-of-service document or claim users implicitly consented by continuing to use the service. The law requires affirmative, written consent for each disclosure category, making Netflix’s approach—transmitting data through a tracking pixel without explicit consent—a straightforward violation if proven in court.

How the Meta Pixel Data Sharing Scheme Worked and Why It Matters

The Meta Pixel is designed to collect behavioral data and send it to Facebook for multiple purposes: targeting ads, building audience profiles, and measuring advertising effectiveness. When Netflix allegedly embedded this code, it created a direct pipeline from Netflix’s viewing data to Facebook’s advertising infrastructure. A user watching Netflix on a device would have their viewing activity automatically reported to Facebook, whether they had a Facebook account actively open at that time or not. Even users who rarely use Facebook could have had data transmitted about their Netflix viewing to Facebook’s servers. What makes this scheme particularly concerning is the gap between Netflix’s public statements and its actual practices. Netflix’s 2019 statement claimed that it “doesn’t collect information” in the way being alleged, yet the Texas Attorney General’s 2026 complaint includes evidence that Netflix was actively collecting and transmitting data at scale.

The company’s 2023-2024 period involved multiple VPPA lawsuits being filed and consolidated in the Northern District of California, with class certification motions heard in 2024. This timeline shows that the practice was identified relatively quickly after widespread adoption, meaning potentially millions of subscriber sessions were tracked without consent before lawsuits forced companies to stop. A limitation of the Meta Pixel scheme from a legal perspective is that tracking pixels operate in a gray zone of what companies can measure. Many websites use such pixels for analytical purposes, and users have grown accustomed to some level of background tracking. However, the VPPA specifically removes that gray zone for video services. Even if the practice is common in the advertising industry, Netflix cannot legally do it without obtaining explicit written consent from subscribers.

Unauthorized Viewing Data Sharing by SegmentPremium Users24MStandard Users19MBasic Users15MAd-Supported10MTrial Users5MSource: Plaintiff’s Data Analysis

The $9 Million Settlement and What It Reveals About Class Action Compensation

Netflix agreed to settle VPPA allegations for $9 million, but this figure requires scrutiny. Of the $9 million total, $6.75 million goes to privacy organizations and $2.25 million goes to the plaintiffs’ attorneys. Class members—the millions of Netflix subscribers whose data was allegedly shared—typically receive little to nothing from such settlements unless they file individual claims with documentation. The settlement was negotiated in discussions that were ongoing through early 2025 and finalized shortly after. This settlement structure is standard for class actions but reveals the real-world limitation of this legal mechanism for consumers.

If 5 million Netflix subscribers were affected and the total payout to the class is $2.25 million (or sometimes less, depending on how many file claims), each person might receive $0.45 or less if they successfully claim their share. By contrast, Netflix allegedly benefited from the Meta Pixel tracking by using that data to improve its advertising partnerships and advertising effectiveness—a benefit that likely exceeded millions of dollars. The company settles by paying roughly what it might have paid for legitimate access to that data through a proper data vendor. The $2,500 statutory damages figure under the VPPA means that if Netflix were convicted of violating the law for each subscriber, the theoretical damages could reach billions of dollars. However, class action settlements are typically negotiated far below what the full statutory exposure would be, allowing companies to resolve liability at a fraction of its theoretical cost.

The 2026 Texas Attorney General Lawsuit and Broader Allegations

On May 11, 2026, Texas Attorney General Ken Paxton filed a lawsuit in Collin County District Court alleging that Netflix engaged in unlawful data collection practices that go beyond the Meta Pixel issue. The 59-page complaint contends that Netflix misrepresented its data collection practices while secretly collecting data from both adult and children’s profiles. According to the allegations, Netflix sells or shares data to commercial data brokers and advertising companies without proper consent from users. The Texas lawsuit describes Netflix’s conduct as involving “intentional engineering” to track viewing habits, device information, household networks, and app usage across subscriber accounts.

The complaint also alleges that Netflix designed platform features such as autoplay—which automatically starts playing the next episode or a recommended title—to be intentionally “addictive,” effectively using user interface design to increase engagement and therefore data collection volume. This allegation links Netflix’s product design directly to its data harvesting strategy: more viewing time means more data points to collect and monetize. One comparison worth noting is that the Texas lawsuit addresses data collection and sale to “commercial data brokers,” while the federal VPPA cases focused specifically on the Meta Pixel disclosures to Facebook. The Texas action paints a broader picture of Netflix as actively monetizing subscriber data across multiple channels, not just through one tracking tool. Netflix responded by stating that the Texas lawsuit “lacks merit and is based on inaccurate and distorted information,” maintaining that “Netflix takes our members’ privacy seriously and complies with privacy and data-protection laws everywhere we operate.” However, the company’s settlement of the federal VPPA case suggests that at least some of the allegations had sufficient merit to warrant financial resolution.

What Netflix Allegedly Did With the Data and Consumer Privacy Implications

According to the claims in both the federal and Texas cases, Netflix did not simply collect viewing data and discard it. Instead, the company allegedly used the data for targeted advertising and sold or shared it with advertising networks and data brokers. This transforms the violation from a mere technical privacy breach into a commercial exploitation scheme. A subscriber watching documentaries about medical conditions could have had that viewing behavior sold to data brokers, who then sell or license that information to pharmaceutical companies, insurance companies, or other advertisers with an interest in that person’s health concerns. The implications extend beyond Netflix itself.

When viewing data is shared with “commercial data brokers,” it enters the broader data ecosystem where it can be combined with other information about a person, creating detailed behavioral profiles. These profiles are then sold to hundreds of companies for targeting purposes. A person might not realize that a medical documentary they watched on Netflix years ago has become part of their permanent digital dossier, used to target them with ads or influence what prices they see for products and services. A significant warning is that data breaches and secondary uses of data can occur long after the initial disclosure. Even if Netflix stops sharing data with Meta Pixel tomorrow, the data that was already transmitted to Facebook remains in Facebook’s systems. Facebook’s own data practices and security measures become relevant to what ultimately happens to Netflix viewing data that was disclosed to the company.

Supreme Court Case on VPPA Definition and Future Implications

On January 26, 2026, the U.S. Supreme Court granted certiorari in Salazar v. Paramount Global to resolve a circuit split on the definition of “consumer” under the VPPA. The case will determine whether VPPA protections apply broadly to all subscription consumers or only to audiovisual service subscribers.

This distinction matters enormously because it determines the scope of who can sue for violations and therefore who is protected by the statute. If the Supreme Court narrows the definition of “consumer” to only audiovisual service subscribers, it could limit future VPPA claims. If it affirms the broader definition, it strengthens the statute’s protections and increases company exposure to liability. The Netflix cases are happening in the shadow of this Supreme Court decision, which could reshape how the VPPA is enforced against streaming services and other companies that collect viewing data.

Eligibility and Claim Filing for Netflix Privacy Class Actions

Current eligibility for Netflix class actions includes U.S. residents who held a paid Netflix subscription at any point between 2012 and 2025, and those who watched content while having a Facebook account during the VPPA lawsuit period. The specific eligibility windows vary depending on which lawsuit or settlement is being addressed. For the federal VPPA settlements, consumers typically need to file a claim with the settlement administrator by a published deadline, providing proof of their Netflix subscription during the relevant period.

The filing process usually requires submitting subscription records or billing statements showing that a person was a Netflix subscriber during the time period when Meta Pixel tracking was occurring. Settlement administrators often verify claims by checking Netflix’s records directly if a claimant provides their email address and subscription information. For the Texas Attorney General lawsuit, which is ongoing, there is no current claim-filing opportunity until or unless a settlement is reached. Consumers interested in these cases should watch for official settlement notices that will appear on the settlement websites and in legal databases when resolutions occur.

You Might Also Like

Browse more: Class Action | showcase | Uncategorized

Open Settlements You Can Claim Now

Browse current class action settlements accepting claims — several require no proof of purchase: