Texas Just Filed a "Surveillance Machinery" Lawsuit Against Netflix—5 Petabytes of Behavioral Data a Day, Captured From Kid Profiles Too

On May 11 the Texas Attorney General filed suit against Netflix in Collin County District Court, accusing the streaming service of operating what the petition calls "surveillance machinery" against its 70 million U.S. subscribers — including, the state alleges, the children whose profiles Netflix has consistently marketed as protected spaces. The complaint cites the Texas Deceptive Trade Practices Act and seeks both monetary penalties and a court order forcing the company to disable autoplay by default on kid profiles.

The numbers in the filing are the part to slow down on. According to the petition, Netflix's infrastructure logs "approximately 5 petabytes of user behavior data per day" through more than "40,000 internal microservices" while processing "more than 10 million events per second." Those figures come from Netflix's own engineering blog posts and conference talks, which the Texas legal team appears to have mined for years before filing.

For context, five petabytes a day is roughly equivalent to recording every word ever spoken in every Hollywood film ever made — every twenty four hours. The state's claim is that Netflix is not just streaming content. It is running one of the largest behavioral surveillance pipelines in commercial computing, and it built that pipeline while telling investors and parents that it did not care about user data the way Google and Facebook do.

The Promise Texas Says Netflix Broke

The deceptive trade practices theory turns on a specific Netflix talking point. For roughly a decade, Netflix executives publicly contrasted the company with the ad supported web. The 2019 Reed Hastings interviews are the most cited example — the then CEO repeatedly said Netflix did not need to monetize user data because subscribers paid for the service directly. The 2020 annual report described Netflix as a "non advertising" model.

Texas argues that those statements created a consumer expectation that the company then violated three times over:

• By collecting the data anyway. The petition itemizes pause events, play events, scrubbing, text input into the search bar, app clicks, device fingerprints, location signals, household network composition, and the timestamps for all of it. Most of this is not behavioral data needed to stream a movie. It is data needed to model a person.
• By launching an ad supported tier in 2022. The Texas complaint says the prior "no advertising" framing made the 2022 pivot a bait and switch. Existing subscribers had built years of behavioral history under one privacy promise, then woke up to find the same data being run through an ad targeting system.
• By partnering with data brokers. Netflix now integrates with Google's Display & Video 360, The Trade Desk, Experian, and Acxiom for identity matching and targeted ad delivery. The petition cites contracts and engineering documentation that Netflix has filed publicly. Acxiom and Experian are not media partners. They are the same data brokers that LexisNexis and Verisk play in the auto insurance world — wholesale identity graphs that resell consumer profiles to whichever marketer asks.

Why the Kid Profile Angle Is the Sharpest Part

Netflix's kid profile feature has been one of the company's primary marketing arguments for years. The interface is gated by a separate PIN. The content is filtered. The promotional copy describes "a safe, segregated space" for children. Parents who set up kid profiles reasonably believed that Netflix was treating those accounts differently from the adult ones.

According to the Texas petition, kid profiles produce the same behavioral telemetry as adult profiles. Every play, every pause, every search box keystroke, every "are you still watching" prompt that gets dismissed — all of it flows into the same 40,000 microservices pipeline. The petition argues that this is the most direct deception in the case, because Netflix explicitly told parents the kid environment was different and the engineering logs say it was not.

The autoplay claim sits on top of this. Texas alleges that the next episode autoplay feature is an intentional dark pattern: a design choice that converts passive viewing into extended sessions, generating more behavioral events for the data pipeline. The relief Texas is asking for includes a permanent injunction requiring Netflix to default autoplay to off on every kid profile.

The Architecture the Petition Describes

A lot of public Netflix engineering writing has discussed the company's data infrastructure as a feat of scale. The Texas petition treats that same infrastructure as evidence. The two specific numbers — 5 petabytes per day and 10 million events per second — come from Netflix's own publications, which is why the company will have a hard time disputing them.

Walk through what those numbers mean operationally:

• 10 million events per second averages to about 115 events per second per active U.S. subscriber. Most of those are not playback. They are clickstream — every cursor hover, every browse, every preview that auto plays on hover, every dismissal.
• 5 petabytes per day is the post enrichment number. After joining device fingerprints, IP geolocation, ISP identification, household graph membership, and external identity matching, every raw event balloons into a much larger record.
• 40,000 microservices means the data is not just collected. It is processed through tens of thousands of distinct internal consumers. Recommendation, targeting, business analytics, fraud detection, and a long tail of experimental ML models all draw from the same firehose.

None of this is illegal on its face — high scale data engineering is the table stakes for modern streaming. The Texas argument is narrower. The state says Netflix told its customers, repeatedly and publicly, that it was not doing what its own engineering blog says it has been doing all along.

Why Streaming, Cars, and Email All Have the Same Problem

If the Texas filing reads familiar, it is because the same architectural pattern has driven the privacy enforcement wave of the past twelve months. The pattern goes:

1. A consumer signs up for a paid product that promises one thing — content, transportation, communication.
2. The product instruments every interaction with telemetry that goes far beyond the operational minimum.
3. The operator monetizes the telemetry through a small set of identity brokers and ad tech platforms.
4. The consumer never sees the broker names, never sees the data categories, and never gets a chance to opt out at the point of collection.

That pattern just cost General Motors $12.75 million in California — the largest CCPA fine ever, for selling OnStar driver locations to two data brokers. It cost Forbes $10 million in a CIPA settlement for tracker behavior on its website. It cost 20 state health exchanges federal scrutiny when Bloomberg found Meta and TikTok pixels sending citizenship and prescription drug data to ad networks.

Email is the next domino. Marketing senders log the same behavioral signal — opens, clicks, dwell, forwards — through tracking pixels embedded in every message, then enrich those signals with the same Acxiom and Experian identity graphs Netflix is being sued over. The disclosure language is the same generic privacy policy boilerplate. The data flow is the same hub and spoke into a handful of brokers. The legal exposure, once a court treats email tracking as a comparable surveillance mechanism, will be the same.

What Happens Next in the Texas Case

Netflix's initial response calls the petition "inaccurate and distorted" and emphasizes its compliance with privacy laws and "industry leading kid friendly parental controls." That is the standard defense template. The interesting part of the case will not be the public messaging. It will be discovery.

Texas will subpoena Netflix's data partner contracts, the integration specifications for the Google DV360, Trade Desk, Acxiom, and Experian feeds, and the internal data minimization assessments — assuming any exist. The discovery posture is significant because Texas filed under the state's Deceptive Trade Practices Act, which carries up to $10,000 per violation and far broader investigative powers than typical consumer protection statutes. If the court certifies a per subscriber violation theory, the math gets uncomfortable fast for Netflix.

A more likely outcome is a structured settlement on the autoplay injunction, an opt out workflow for behavioral targeting, and a meaningful monetary penalty. The GM settlement template — five year ban on data sales to specific brokers, mandatory deletion of retained data, privacy program with regulator reporting — is exactly the kind of framework Texas could ask the court to adopt.

What This Means for You as a Subscriber

Three concrete actions follow from the filing, whether or not the lawsuit succeeds.

• Turn off autoplay manually. Netflix has the toggle today. Account → Profile → Playback Settings → uncheck "Autoplay next episode." Do it for every kid profile in your household. The Texas case may eventually force this as a default, but you do not have to wait.
• Visit Netflix's privacy preferences page. The interest based ads opt out lives at netflix.com/account → privacy. The toggle is not a complete privacy switch — Netflix still collects behavioral data internally — but it limits the share with the named ad tech partners.
• Assume the same pattern is in every paid app you use. Spotify, Hulu, Disney+, Peacock, and most other streamers run comparable telemetry pipelines. The fact that the data is collected for personalization does not stop it from also being sold for advertising. Audit your settings everywhere.

The Texas suit is not going to fundamentally rewrite the surveillance economics of streaming. It is going to establish a precedent for what a state attorney general can do with a company's own engineering documentation. That is the part to watch. The data brokers Netflix is partnering with are the same ones reading the rest of your digital life, and the legal theory that Texas just deployed scales horizontally across every paid service with a data exhaust.

Sources

• Netflix sued by Texas for allegedly spying on children, addicting users — CNBC
• Netflix Sued by Republican Texas Attorney General — Variety
• Texas sues Netflix over alleged data practices creating "surveillance machinery" — The Record
• Texas AG Ken Paxton sues Netflix, claims streaming giant spied on children — CBS Texas