Privacy & Cybersecurity Law Blog

On May 11, 2026, the Texas Attorney General (“AG”) announced a lawsuit against Netflix, Inc. (“Netflix” or the “Company”) under the Texas Deceptive Trade Practices Act, alleging that the Company collected personal information, including that of children, based on misleading and deceptive disclosures, and engaged in dark patterns by designing its platform to be addictive.

The AG alleged that Netflix misrepresented (i) that paid subscribers would not be subject to data-driven advertising, (ii) how it shares user data, and (iii) that it does not collect behavioral data from children. The AG further alleged that Netflix used dark patterns, such as autoplay, to “override conscious decision-making, extend viewing sessions, and eliminate stopping cues.”

Notably, the AG compared the level of detail provided by the Company’s consumer-facing disclosures against its advertiser-facing marketing materials, alleging that Netflix’s consumer-facing disclosures failed to disclose information about identity onboarding, data enrichment, clean room collaboration and the “programmatic pipes through which Netflix inventory is bought and measured.” With respect to children’s profiles, the AG alleged that, by indicating that children’s profiles are not used for interest-based advertising, Netflix “create[ed] the impression that [it] does not collect or use the behavioral data needed to target children.”

The lawsuit seeks to stop the unlawful collection and disclosure of user data, to require Netflix to disable autoplay by default on children’s profiles, and to secure other civil penalties and injunctive relief. “When a company collects and processes massive streams of behavioral data – and uses that data to fuel measurement and monetization,” says the AG, “consumers are entitled to a clear explanation of what is happening and why.”