Who is suing Oracle and Salesforce and why?
The Privacy Collective, a Dutch non-profit foundation set up for the primary purpose of pursuing and/or supporting claims for data misuse in breach of privacy rights, has filed lawsuits against the tech giants Oracle and Salesforce in Dutch, English and Welsh courts claiming both companies have breached GDPR by utilising third-party cookies to process as well as share users’ data to sell targeted ads online.
“Oracle and Salesforce are only two of many companies using cookies to track, monitor and collect consumers’ data and sharing it via a process known as ‘real-time bidding’ where the data is being auctioned to advertisers”, states the Collective.
The Collectives’s lawsuit claims that the two companies are collecting and sharing consumers’ data without first obtaining explicit consent from the users which is a direct violation of GDPR and what makes the matter even worse, both companies have been in breach of the privacy regulation since it came into force.
The lawsuit will argue that mass surveillance on Internet users for the nefarious purposes of carrying out real-time bidding ad auctions can’t possibly comply with the EU’s strict regulations around consent to process personal data.
“Claims in the lawsuits against the tech giants could end up exceeding €10 billion as it could potentially combine millions of users who visited popular websites like Spotify, Reddit, Dropbox, IKEA, IMDB, Amazon, Booking.com, Thesaurus.com, Rotten Tomatoes, BBC Good Food, Debenhams, Barclaycard.com and more”, according to the Collective.
Take a look at the responses given by representatives of both companies addressing the foundation’s lawsuits.
Dorian Daley, Oracle’s Executive VP and General Counsel –
“The Privacy Collective knowingly filed a meritless action based on deliberate misrepresentations of the facts. As Oracle previously informed the Privacy Collective, Oracle has no direct role in the real-time bidding process (RTB), has a minimal data footprint in the EU, and has a comprehensive GDPR compliance program. Despite Oracle’s fulsome explanation, the Privacy Collective has decided to pursue its shake-down through litigation filed in bad faith. Oracle will vigorously defend against these baseless claims.”
Salesforce spokesperson –
“At Salesforce, trust is our number one value, and nothing is more important to us than the privacy and security of our corporate customers’ data. We design and build our services with privacy at the forefront, providing our corporate customers with tools to help them comply with their obligations under applicable privacy laws, including the EU GDPR, to preserve the privacy rights of their customers. Salesforce and another data management platform provider have received a privacy-related complaint from a Dutch group called The Privacy Collective. Salesforce disagrees with the allegations and intends to demonstrate they are without merit.”
In other GDPR related news, as a result of the recent Court of Justice of the European Union ruling on data transfers, invalidating the Privacy Shield, Google will be moving to Standard Contractual Clauses (SCCs) for transfers of online advertising and measurement personal data out of the Europe Economic Area (EEA), Switzerland and the UK. Google will, therefore, update its existing Google Ads policies to add the relevant SCCs as adopted by the European Commission and ensure GDPR compliance.