Ad tech: Major companies sued over alleged GDPR breaches
Two technology companies are being sued over claims that users’ personal data is being obtained using cookies and traded unlawfully for advertising purposes.
A legal claim will be filed by campaigners from the non-profit organisation Privacy Collective against tech giants Oracle and Salesforce in Amsterdam today, and it has instructed US law firm Cadwalader to bring a similar claim in London, The Times reports.
The campaigners are accusing the companies of processing and sharing data in breach of the GDPR. They claim that the companies are placing cookies which monitors users’ online activity and stores their personal data, which is then shared and sold to third parties in a process called “real-time bidding”. They allege that users have not consented to this or are unaware of its occurrence.
Under current data protection rules, the tech companies are required to obtain informed consent from consumers in order to collect and share their personal data through cookies.
Lawyers bringing the claim in Amsterdam said they were bringing the claim on behalf of “all Dutch citizens whose personal data has been used without their consent and knowledge”.
Salesforce and Oracle have both disagreed with the claim.
A spokesperson for Oracle said: “The Privacy Collective knowingly filed a meritless action based on deliberate misrepresentations of the facts.
“As Oracle previously informed the Privacy Collective, Oracle has no direct role in the real-time bidding process (RTB), has a minimal data footprint in the EU, and has a comprehensive GDPR compliance program. Oracle will vigorously defend against these baseless claims.”