Yes, that Netflix tweet is creepy — and raises serious privacy questions

Netflix's ability to extrapolate detailed and specific viewing habits from its vast data set leaves troubling questions about its employees' access to personal customer information.

(Source: Twitter)

A snarky tweet posted by Netflix this weekend drew laughs -- and concern.

The tweet mocked a few dozen unnamed customers who've spent the past three weeks watching its heavily promoted "A Christmas Prince." The tweet, which at the time of writing had more than 103,000 retweets (and growing), became one of the streaming site's most popular tweets in just hours after it was posted.

Here are 2017's biggest hacks, leaks, and data breaches — so far

Dozens of data breaches, millions of people affected.

Read More

The tweet, posted Sunday, said: "To the 53 people who've watched A Christmas Prince every day for the past 18 days: Who hurt you?"

In saying so, Netflix not only admitted that the company can determine with accuracy how many of its over 100 million customers watch a certain show over a period of time, but also that some employees have access to that viewing data.

No wonder some users found the tweet "creepy."

Also: Netflix is watching you. We're all watching you

It should come as no surprise that Netflix collects data on its users as it uses data analytics to algorithmically recommend new shows and to help improve its services. But some argued that Netflix was effectively abusing its privileged position to make jokes about its own customers.

"My personal viewing habits are not fodder for tweets," said one Twitter user in response to the tweet.

We asked Netflix how many employees have access to customers' viewing habits and if there are any controls on who can access and what can be done with the data.

A Netflix spokesperson would not address those specific questions, but sent ZDNet a canned statement.

"The privacy of our members' viewing is important to us," the spokesperson said. "This information represents overall viewing trends, not the personal viewing information of specific, identified individuals."

In fairness, Netflix isn't the first company to use its vast wealth of data for marketing or advertising.

Spotify last year ran an advertising campaign that took some of the stranger, quirkier statistics from the company's year worth of streaming -- like, "Dear 3,749 people who streamed 'It's the End of the World as We Know It' the day of the Brexit vote, hang in there."

We also asked Spotify the same questions, but the company did not respond.

Using anonymized customer data in bulk for advertising isn't unlawful, so long as the information isn't publicly attached to a specific customer's name. Similarly, under a little-known 1988 law, the Video Privacy Protections Act, Netflix and other streaming companies are barred from disclosing a consumer's viewing habits without consent.

But even when data is supposedly anonymized, it can be flawed.

Some years ago, Netflix released a data set of 100 million movie ratings by a little under half-a-million of its customers. The data was anonymized -- each name was replaced with a unique identifying number -- but researchers were able to unmask some users.

Netflix eventually settled a class action suit brought under the 1988 privacy law for $9 million, but the company did not admit any wrongdoing.

Netflix's ability to extrapolate detailed and specific viewing habits from its vast data set leaves troubling questions about employee access to personal customer information.

It's not only a reminder that companies collect and store but also generate vast amounts of data on its customers, and that companies can do almost anything they want with it -- even sending out snarky, creepy tweets to their 4.2 million followers.

Got a tip?

You can send tips securely over Signal and WhatsApp at 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More