It it just me or does the privacy policy actually say about playback data:
As described above, client playback data does not identify what content was played, does not identify what server the content was played from, does not identify the owner of the server that the content was played from, and is generalized
So… even if im “opted in” your privacy policy states you wouldn’t store or share playback data. You had to have broken your own privacy policy (opted in or not) in order to store playback datea
The watch states (and ratings) used by Discover Together don’t have any information if it was watched on your server, at the cinema, on VHS or otherwise. It doesn’t know if you actually watched something or just marked something as watched and whether you even have that content on a server or not.
That logic wont hold up if, for example, a GDPR claim is brought in a court. You cannot in the core privacy policy, which is your users “bible” for what data you share, say “we do not collect X Y Z” and then later on collect X Y & Z but say (and I’m paraphrasing your reply here) “well this web page over here, that isn’t referenced in the privacy policy, says it does, but we call it something else, so we are OK”
You are missing the point of what a privacy policy is.
Calling it “discover together” doesnt matter. You are still breaching your privacy policy… by…recording…the…data…it…says…you…wont…record.
And that is where you are going to fall down. As a company, you will be in complete disagreement with your users and - dare I suggest - any legal opinion
Let me quote the pertinent section of the privacy policy;
Whenever an item is played, data can be reported by both the server that hosts the content and the Plex client playing it…As described above, client playback data does not identify what content was played… Similarly, the server playback does not identify what content was played,
You are then pointing to the “synced watched state” as showing “The GUID for the title” being recorded and they trying to convince me that there is a separation of these two things
This is what im gathering so far,
the privacy policy states clients and servers can send data. This data shared does not identify what content was played.
Synced watch states record a GUID of the title played back
How do you get number 2 without acting contrary to number 1? You cant. Even if you call it something else. its cut and dry. Your client or server had to transmit the GUID of the title played back. And in doing so, it identifies the content. Which breached your privacy policy section on optional playback data.
Let me ask a direct question to you, as an employee of plex: "Which part of your privacy policy expressly identifies to me that you can record and share the GUID of anything watched under the synced watch state feature?
I think the error is your assumption that synced watch states involves playing something. You can ‘sync’ watch state of items that don’t exist on the server or that you may never have even really watched.
I appreciate your thought here that the server isnt syncing this - but for the vast majority of users that “something” is automatically sending (on an auto opt in basis) the GUID of the item played, specifically statiting it identifies what was played back. Its right there in the link provided by @drzoidberg33 above. Calling a spade an “earth inverting implement” does not change what is happening. Something, client or server, sent a bit of data to a plex API or database server saying “this is being played back”. That is then saved in “saved watch state”.
But the privacy policy stated that neither a client or server will send anything that identifies what is being played back. Nor does it have a seciton that says “we can send a GUID to identify the title when saved watch state is on”.
but saved watch state does just that.
The privacy policy only has one section that covers sending the title of whats played - optional playback data. Saying watched state is not called optional playback data doesn’t change that one section legally governs the use of playback title transmission (or GUID identifier) as a policy users accept.
There is no way around this, and I have been a huge plex fan since 2010. It doesnt bring me any joy to be looking at this from a perspective of 15 years working in GDPR and privacy and realising someone royally screwed up.
I appreciate your recommendation, however this thread is specifically about compatibility with the privacy policy and merging into a mega thread risks losing this discussion into a low signal to noise pot of people raising their own concerns about all sorts of fall out form this. Or perhaps that is the intention of plex, bury things and all that.
You’re conflating two separate things. Syncing watch state is not the same thing as the collection of playback data (as described in the privacy policy you linked to). You can do one without the other.
Also, syncing watch state does not appear to something that is active by default. On creating a new account it is disabled. And if you go to turn it on it is quite clear (imo) that it will share information about what’s being watched with Plex.
I understand what you are saying. From a technical capability and separation logically standpoint, you are of course right.
What Im saying is that under plex’s published privacy policy, Plex really can’t do that legally without breaking the privacy policy promise made to users. Plex never legally made that separation that you are making using a technical viewpoint. Thats the error.
That privacy policy is what governs the agreement between users and plex. And breaking it is a huge impact to credibility and trust of your userbase.
They don’t collect any data about ‘watched’ titles until you change that option in your account settings. You have to opt in. Arguably they could add a little bit more detail onto the splash screen, but it does link to the support page which clearly details what additional data will be sent to Plex after opting in.
If it were opt out (as you assert) then on creating a new user I would’ve had to go into the account settings to turn off syncing. However, on creating a new account several hours ago and going into the account settings it was already inactive.
Are you sure you’re not confusing syncing watch state with the privacy settings for watch history (which do appear to have defaulted to ‘Friends’ when you go through the ‘onboarding’ splash screens and may therefore have caused people’s previous privacy settings to have changed)?
Is there a recommendation on how to block Plex from spying on me? Or should I just give up on my Plex Pass and move to Jellyfin? The whole reason I chose Plex in the first place was to self host and avoid more spyware.
I can’t imagine Plex is going to admit wrongdoing without a court mandate, despite your logic being unassailable. This whole situation is a disaster. I can’t believe how hilariously bad the moderator posts are concerning this situation. “Our privacy statements about not collecting what you watch doesn’t include whether you watched something” gtfo.
At this point I’m waiting for the class action lawsuits and information on how to block this (and presumably other) egregious data collecting calls.
Even if it’s not covered by the privacy policy, this is just common sense. Don’t share data that you don’t have explicit, enthusiastic consent to share.
This reeks of a weak excuse to collect more data on their premium users, at the expense of our friends and families privacy.
The heart of our trust relationship was that the information I entrusted to you about my media consumption and preferences was for my use only and did not leave my server. Automatically opting me in to have previously provided information - of any form - now emailed to my contacts and displayed on a “social media profile” I never gave permission for is a gross violation of that trust.
I don’t care if your lawyers are telling you that your clever wording is sufficient is to avoid losing in court, you have already lost in customer trust. And if there ever is a trial I hope there will be jurors who will view this word-twisting and other game playing in the same light I do, which is that it is completely unpersuasive and that Plex violated the spirit and plain meaning of its former privacy policy and communications.
I would mark something as watched on my Plex server, that I don’t own, from a 3rd party streaming site that I’ve never seen?
Just because these theoretical situations are possible doesn’t mean they’re probable.
I have discovery turned off and I’m not connected to any other servers besides my backup server inside my own network
Plex can see all that, so if I sync my two servers Plex knows exactly what content I have
What Plex uses for a justification for this statement would apply to 0% of the data you would collect from me.
Even if someone did go watch a movie in a theatre and then come home and mark it as watched on some discovery site?
That would account for such a small percentage of content marked as watched, that it would be insignificant in the overall dataset
At some point this has to be about honestly informing people as to how this is affecting their privacy and less to do about carefully crafted legal jargon extracted from a support article
