Oracle hits back at "meritless" GDPR lawsuit

The Privacy Collective is accusing Oracle and Salesforce of collecting and sharing cookie tracking data without consent

A class-action lawsuit has accused Oracle and Salesforce of breaching GDPR rules with the way they process and share personal data through third-party cookies.

Non-profit organisation The Privacy Collective has filled the lawsuit accusing the two tech firms of misusing consumers personal data through 'Bluekai' and 'Krux', which are cookies used for dynamic ad pricing services.

Oracle's EVP and general counsel Dorian Daley hit back at The Privacy Collective with a strong statement that called the lawsuit "meritless action based on deliberate misrepresentations of the facts".  

"As Oracle previously informed the Privacy Collective, Oracle has no direct role in the real-time bidding process (RTB), has a minimal data footprint in the EU, and has a comprehensive GDPR compliance program," Daley said in a statement. 

"Despite Oracle's fulsome explanation, the Privacy Collective has decided to pursue its shake-down through litigation filed in bad faith. Oracle will vigorously defend against these baseless claims." 

The lawsuit has been filed in Amsterdam, with a similar claim to be filed at the High Court of London later in August. The Privacy Collective said the Dutch case is the biggest-ever class action in the country that concerns the GDPR and could cost Oracle and Salesforce up to €10 billion. 

Under the GDPR, consent for processing personal data must be informed, specific and freely given. The "Bluekai' and 'Krux', cookies are hosted on a number of websites, such as Comparethemarket, Dropbox and Ikea. The Privacy Collective is accusing Salesforce and Oracle of sharing cookie data from harmful ads with hundreds of other companies via a real-time bidding process, without the proper consent or knowledge of the user. 

"Everyone who has ever used the internet is at risk from this technology. It may be largely hidden but it is far from harmless," said Dr Rebecca Rumbul, class representative and a claimant on the suit in England. "If data collected from internet use is not adequately controlled, it can used to facilitate highly targeted marketing that may expose vulnerable minors to unsuitable content, fuel unhealthy habits such as online gambling or prey on other addictions."

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Australia film archive gets $41.9 million to digitise audiovisual heritage
digitisation

Australia film archive gets $41.9 million to digitise audiovisual heritage

6 Dec 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021