It turns out Bandersnatch, the new Black Mirror release that allows viewers to choose their own path in the storyline, “was largely a data-harvesting operation” according to Vice Motherboard. Michael Veale, a technology policy researcher at University College London, investigated such claims that were circulating social media platforms and found the Netflix’s motivations were not purely creative or experimental.
Because of the General Data Protection Regulation (GDPR), any average citizen can inquire to a company about various data collection practices, including what the purpose of the collection is and how long the store the information. Veale invoked these rights when he emailed Netflix about possible privacy violations behind Bandersnatch, but found that the process was a bit clunky.
“It was tricky, as I had to ask these questions specifically,” Veale told Vice Motherboard contributor Matthew Gault in an email. “It’s unclear if this is included by default in requests to get your data from Netflix or not—I can tell you often this kind of specific data is not included when you ask for ‘all your data.’ Knowing what ‘all your data’ is, and what the company’s definition of ‘all your data’ does not include, is most of the challenge.”
After Netflix finally relinquished the information he was looking for, Veale discovered that though the streaming giant understandably tracks the users’ decisions throughout the movie, it is storing those decisions well after its finale. It also stores aggregated forms of the users choice to “help [Netflix] determine how to improve this model of storytelling in the context of a show or movie,” the company wrote to him in an email.
“They claim they’re doing the processing as it’s ‘necessary’ for performing the contract between me and Netflix,” wrote Veale. “Is storing that data against my account really ‘necessary’? They clearly haven’t delinked it or anonymised it, as I’ve got access to it long after I watched the show. If you asked me, they should really be using consent (which you should be able to refuse) or legitimate interests (meaning you can object to it) instead.”
Many of his colleagues were turned away when trying to accomplish the same feat as Veale, who is a public figure known for his work in using GDPR to get data out of big tech companies.
“I’m hoping it inspires people to reach to their rights in situations like these, and to normalise them,” he said. “When companies get more and more requests, they’ll have to streamline them for the sake of economising, and that in turn will benefit all users.”
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply