Oracle and Salesforce face class action lawsuits over online ad tracking

(Image credit: Wright Studio / Shutterstock)

Class action lawsuits have been filed against Oracle and Salesforce in Dutch, English and Welsh courts which claim the tech giants breached GDPR by using third-party cookies to process and share personal data in order to sell targeted ads online.

As reported by Computer Weekly, the lawsuits are being brought against the two companies by a Dutch non-profit foundation called The Privacy Collective. 

According to the collective, Oracle and Salesforce are just two of many companies which use cookies to track, monitor and collect users' personal data and share it through a process known as real-time bidding where this data is auctioned off to advertisers. Data about users' interests, locations, income, relationship status, gender, age and education is collected to support this practice and build profiles of users online without their knowledge.

The Privacy Collective's lawsuit claims that Oracle and Salesforce are collecting and sharing this data without first obtaining clear consent from users which is in direct violation of GDPR. To make matters worse, the collective claims that both companies have been in breach of the EU's data privacy regulations since GDPR came into force.

Online ad tracking

Class representative and claimant in England and Wales, Rebecca Rumbul provided further insight on The Privacy Collective's lawsuits against Oracle and Salesforce, saying:

“Everyone who has ever used the internet is at risk from this technology. It may be largely hidden, but it is far from harmless. If data collected from internet use is not adequately controlled, it can used to facilitate highly targeted marketing that may expose vulnerable minors to unsuitable content, fuel unhealthy habits such as online gambling or prey on other addictions. By supporting my action, internet users in England and Wales can do their bit to begin to hold these firms to account and make the internet a safer and more regulated place.”

Claims in the lawsuits could end up exceeding $12bn according to the collective as millions of users who have visited popular sites including Spotify, Reddit, Dropbox, Ikea, IMDB, Amazon and more could end up getting involved.

Oracle's executive vice president and general counsel, Dorian Daley dismissed The Privacy Collective's claims, saying:

“The Privacy Collective knowingly filed a meritless action based on deliberate misrepresentations of the facts.  As Oracle previously informed the Privacy Collective, Oracle has no direct role in the real-time bidding process (RTB), has a minimal data footprint in the EU, and has a comprehensive GDPR compliance program. Despite Oracle’s fulsome explanation, the Privacy Collective has decided to pursue its shake-down through litigation filed in bad faith. Oracle will vigorously defend against these baseless claims.”

  • We've also highlighted the best VPN services

Via Computer Weekly

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.