Oracle hits back at "meritless" GDPR lawsuit

The Privacy Collective is accusing Oracle and Salesforce of collecting and sharing cookie tracking data without consent

A class-action lawsuit has accused Oracle and Salesforce of breaching GDPR rules with the way they process and share personal data through third-party cookies.

Non-profit organisation The Privacy Collective has filled the lawsuit accusing the two tech firms of misusing consumers personal data through 'Bluekai' and 'Krux', which are cookies used for dynamic ad pricing services.

Oracle's EVP and general counsel Dorian Daley hit back at The Privacy Collective with a strong statement that called the lawsuit "meritless action based on deliberate misrepresentations of the facts".  

"As Oracle previously informed the Privacy Collective, Oracle has no direct role in the real-time bidding process (RTB), has a minimal data footprint in the EU, and has a comprehensive GDPR compliance program," Daley said in a statement. 

"Despite Oracle's fulsome explanation, the Privacy Collective has decided to pursue its shake-down through litigation filed in bad faith. Oracle will vigorously defend against these baseless claims." 

The lawsuit has been filed in Amsterdam, with a similar claim to be filed at the High Court of London later in August. The Privacy Collective said the Dutch case is the biggest-ever class action in the country that concerns the GDPR and could cost Oracle and Salesforce up to €10 billion. 

Under the GDPR, consent for processing personal data must be informed, specific and freely given. The "Bluekai' and 'Krux', cookies are hosted on a number of websites, such as Comparethemarket, Dropbox and Ikea. The Privacy Collective is accusing Salesforce and Oracle of sharing cookie data from harmful ads with hundreds of other companies via a real-time bidding process, without the proper consent or knowledge of the user. 

"Everyone who has ever used the internet is at risk from this technology. It may be largely hidden but it is far from harmless," said Dr Rebecca Rumbul, class representative and a claimant on the suit in England. "If data collected from internet use is not adequately controlled, it can used to facilitate highly targeted marketing that may expose vulnerable minors to unsuitable content, fuel unhealthy habits such as online gambling or prey on other addictions."

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Most Popular

UK gov considers blocking Nvidia's takeover of Arm
Acquisition

UK gov considers blocking Nvidia's takeover of Arm

4 Aug 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Tesla Megapack goes up in flames at Australian battery site
Hardware

Tesla Megapack goes up in flames at Australian battery site

30 Jul 2021