[German]Two U.S. companies, Oracle and Salesforce, are being sued for data breaches by a consumer privacy group in a court in Amsterdam. The accusation: The two companies collect user data without their consent and then sell the data to third parties.
Advertising
I have become aware of this article on the facts of the case via the following tweet. A group that works to protect consumer data protection has filed a lawsuit against the American companies Salesforce and Oracle for an alleged violation of the EU's General Data Protection Regulation (GDPR).
Oracle and Salesforce to Face GDPR Lawsuit https://t.co/dzOu4G8cyH
— Infosecurity Magazine (@InfosecurityMag) August 17, 2020
The Privacy Collective states that companies collect users' personal information without their proactive consent and then auction it off to other companies without their knowledge. The group estimates that the lawsuit could cost the California-based companies up to $10 billion in fines.
The class action suit was filed in Amsterdam on Friday. This is the largest class action lawsuit for an alleged violation of the DSGVO (GDPR) in the history of the Netherlands. The lawsuit demands a payment of 500 euros for each user who has not consented to the use of their sensitive personal data. A similar lawsuit will be filed later this month by the Privacy Collective with the High Court in London.
Details of the case
The Privacy Collective claims that the two technology companies have used cookies from third parties, Bluekai and Krux, to misuse consumers' personal information. The cookies, which are hosted on several websites including Ikea, Twitch, Dropbox, Booking.com and Comparethemarket, are used for dynamic ad pricing services.
Advertising
The Privacy Collective states that Oracle and Salesforce have held personal information that consumers have not proactively consented to share and have taken a disparate approach to securing confidential information. The lawsuit also accuses the companies of facilitating sales through malicious advertising.
According to the privacy collective, both companies are selling profiles created from the personal information they have collected from users to other companies through real-time advertisements without the knowledge or consent of users.
Companies deny the allegation
Oracle lawyer Dorian Daley says: "Oracle does not play a direct role in the real-time tendering process, has a minimal data footprint in the EU and has a comprehensive GDPR [data protection] compliance programme in place".
A Salesforce spokesperson said: "Salesforce does not agree with the allegations and wants to show that they are unfounded. Our comprehensive privacy program provides tools to help our customers protect the privacy rights of their own customers.
Salesforce is an American cloud-based software company headquartered in San Francisco. Oracle Corporation is a U.S. multinational computer technology company that operates from its headquarters in Redwood Shores. Let's see how these lawsuits turn out.
