Oracle and Salesforce face precedent-setting class action lawsuits in Dutch, English and Welsh courts that claim their processing and sharing of personal data collected by third-party cookies in order to sell targeted online advertising breaches the General Data Protection Regulation (GDPR).
The cases are being brought by The Privacy Collective, a non-profit foundation set up for the purpose, and centre on the use of third-party cookies to support dynamic ad pricing for targeted online advertising.
The collective said Oracle and Salesforce were just two of a great many companies that use cookies to track, monitor and collect the personal data of internet users and share it in a process called real-time bidding.
These are behind-the-scenes auctions in which consumers’ data is sold to advertisers, which use these profiles to tailor ads that many people perceive “follow” them from website to website, even if they have never expressed an interest in the product for sale.
The data typically collected to support this practice includes people’s interests, their locations, income, relationship status, gender and/or sexual orientation, age and education.
The lawsuit claims that the collection and sharing of this data by Oracle and Salesforce is being done without clear consent and therefore goes against GDPR, and in fact has been in breach of the regulations since they came into force.
Also, said the collective, Oracle’s and Salesforce’s participation in the process of real-time bidding means it is essentially impossible for either of them to provide adequate information and obtain the needed consent, and also means they lose control of the information to the third-party ad companies that use their platforms.
“Everyone who has ever used the internet is at risk from this technology,” said Rebecca Rumbul, class representative and a claimant in England and Wales. “It may be largely hidden, but it is far from harmless.
“If data collected from internet use is not adequately controlled, it can used to facilitate highly targeted marketing that may expose vulnerable minors to unsuitable content, fuel unhealthy habits such as online gambling or prey on other addictions. By supporting my action, internet users in England and Wales can do their bit to begin to hold these firms to account and make the internet a safer and more regulated place.”
The collective says the claims could exceed €10bn, as it could potentially unite millions of claimants who have visited some of the world’s most prominent websites, including Spotify, Comparethemarket, Reddit, Dropbox, Ikea, Booking.com, Thesaurus.com, Urban Dictionary, The Student Room, Rotten Tomatoes, IMDB, BBC Good Food, Matalan, Pretty Little Thing, Debenhams, Reed.co.uk, Barclaycard.com and Amazon.
The Dutch action will…
UK-US data deal puts Brexit data adequacy pact at risk
The UK risks throwing away the possibility of a data adequacy agreement ensuring the free …
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
