Since the end of December, Netflix has been broadcasting Black Mirror: Bandersnatch, an interactive movie where the viewer is regularly invited to choose between two proposals to advance in the story and discover one of the many denouements (also read Netflix: the interactive episode of Black Mirror incompatible with the Apple TV).
Michael Veale, a technology policy researcher, used the RGPD to ask Netflix what information was stored by the service after watching the movie. In a thread on Twitter he reports of the answer obtained and the documents transmitted.
In exchange for his questions, accompanied by a photo of his passport, he received two reply mails as well as two spreadsheet and PDF files, with encrypted and readable content after using a code given by Netflix.
It turns out that all the choices he has made over the plot are still preserved and associated with his profile. That's almost two months after the movie.
Contact Netflix was not complicated – a simple email – but he had to be very precise about the subject of his request and what he wanted to get exactly. A more general request on " his data "May not have given rise to the communication of these in particular, he said.
How long does Netflix keep this data and what is its policy regarding deletion? On these points there were no details. Michael Veale is surprised at the persistence of this storage which is not anonymous. Netflix could be more transparent about this and start by seeking the user's consent before the film or in general if these kinds of interactive works come to multiply.
The motivation of the researcher is above all of an educational nature, he explained to Motherboard. He wants to get people to consider this type of queries as normal and to use this right extensively. So that online services improve and standardize their response mechanisms to make them more complete and accurate.