cancel
Showing results for 
Search instead for 
Did you mean: 

IP Addresses and Data Protection

andp256
Newbie
Posts: 4
Fixes: 1
Registered: ‎26-07-2016

IP Addresses and Data Protection

We have had a family subscription to Netflix for some years. My daughter who owns the account moved out a couple of years ago. Today when trying to access Netflix on a streaming device, it said I was blocked due to being in a different household from the account owner. I know that this was due to their new policy on password sharing, which I don't have any problem with as such - a company has every right to set its own terms and conditions of service, and I happily set up a new account for use at my own address.

This did however raise a disturbing question - how did the Netflix system know the physical location of my device? The most logical conclusion would be that it was somehow able to translate my IP address into a geographical address. I would have imagined that an ISP would not be allowed under data protection law to hand out a users's physical address in return for their IP address, unless for example it was the police or security services with a court order. If people and companies were allowed help themselves to such information, then it would be a serious threat to everyone's privacy.

Surely I must be missing something here. Can anyone enlighten me?

Thanks,
Andrew.

3 REPLIES 3
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,916
Thanks: 5,021
Fixes: 316
Registered: ‎04-04-2007

Re: IP Addresses and Data Protection


@andp256 wrote:

This did however raise a disturbing question - how did the Netflix system know the physical location of my device? The most logical conclusion would be that it was somehow able to translate my IP address into a geographical address. I would have imagined that an ISP would not be allowed under data protection law to hand out a users's physical address in return for their IP address, unless for example it was the police or security services with a court order.


And we don't.

AFAIK, Netflix don't publish details of the algorithms they use but there's a likely summary here. An IP geolocation service can be used to determine your country of origin/approximate geographic location, but the latter is often fairly wide of the mark (see here for an example). 

Netflix don't need your specific postal address though. There's a bunch of other stuff they're probably doing to make a best effort evaluation of an account's activity e.g. it's fairly easy to determine what ISP a fixed line IP address has been assigned from. If there are two users regularly streaming concurrently from two different IP's, assigned from two different ISPs, then there's a good chance the account is being used from multiple locations. The article I linked to above, also suggests that the GPS/cell location from other apps/services on a user's smartphone might be another factor. GPS and cell data is very accurate, and a timeline of a users actual location will be very telling in determining where they are living, as will things like the SSIDs/network names of the WI-Fi networks they're regularly connecting to.

In short, it's probably a whole raft of things that are contributing to Netflix's detection algorithms, however the ISP sharing postal address-level data with third parties is not one of them.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

dvorak
Moderator
Moderator
Posts: 29,651
Thanks: 6,668
Fixes: 1,485
Registered: ‎11-01-2008

Re: IP Addresses and Data Protection


Moderators Note


This topic has been moved from General Chat to Everything Else

Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
corringham
Seasoned Champion
Posts: 1,285
Thanks: 674
Fixes: 17
Registered: ‎25-09-2015

Re: IP Addresses and Data Protection

One criteria that Netflix claim to use is whether the device has been used at the registered address within the last 30 days. That can be done simply by checking the IP address - although many people will have a dynamic address that changes the range holder of the address won't change.

(that could be achieved using a VPN, but I'd guess not many people would resort to that).

With regard to data protection, knowing whether a device associated with the registered address in order to operate within the terms of the contract would be a valid reason to use geo-location. The only case it would be a problem would be if the data subject is under 18 - but you have to be 18 to have a Netflix account so that can't happen.

GDPR doesn't protect information in the way most people believe.