Class action lawsuits have been filed against Oracle and Salesforce in Dutch, English and Welsh courts which claim the tech giants breached GDPR by using third-party cookies to process and share personal data in order to sell targeted ads online.
As reported by Computer Weekly (opens in new tab), the lawsuits are being brought against the two companies by a Dutch non-profit foundation called The Privacy Collective.
- We've put together a list of the best anonymous browsers around
- These are the best privacy apps for Android
- Also check out our roundup of the best secure routers
The Privacy Collective's lawsuit claims that Oracle and Salesforce are collecting and sharing this data without first obtaining clear consent from users which is in direct violation of GDPR. To make matters worse, the collective claims that both companies have been in breach of the EU's data privacy regulations since GDPR came into force.
Online ad tracking
Class representative and claimant in England and Wales, Rebecca Rumbul provided further insight on The Privacy Collective's lawsuits against Oracle and Salesforce, saying:
“Everyone who has ever used the internet is at risk from this technology. It may be largely hidden, but it is far from harmless. If data collected from internet use is not adequately controlled, it can used to facilitate highly targeted marketing that may expose vulnerable minors to unsuitable content, fuel unhealthy habits such as online gambling or prey on other addictions. By supporting my action, internet users in England and Wales can do their bit to begin to hold these firms to account and make the internet a safer and more regulated place.”
Claims in the lawsuits could end up exceeding $12bn according to the collective as millions of users who have visited popular sites including Spotify, Reddit, Dropbox, Ikea, IMDB, Amazon and more could end up getting involved.
Oracle's executive vice president and general counsel, Dorian Daley dismissed The Privacy Collective's claims, saying:
“The Privacy Collective knowingly filed a meritless action based on deliberate misrepresentations of the facts. As Oracle previously informed the Privacy Collective, Oracle has no direct role in the real-time bidding process (RTB), has a minimal data footprint in the EU, and has a comprehensive GDPR compliance program. Despite Oracle’s fulsome explanation, the Privacy Collective has decided to pursue its shake-down through litigation filed in bad faith. Oracle will vigorously defend against these baseless claims.”
- We've also highlighted the best VPN services
Via Computer Weekly (opens in new tab)