Salesforce and Oracle are facing a huge GDPR lawsuit in Europe, which both companies have dismissed as spurious.
According to Computer Weekly, the two firms will be sued in the UK, Wales and The Netherlands over real-time bidding - a way for advertising inventory to be bought and sold on a per-impression basis via programmatic instantaneous auction.
The practice makes use of third-party cookies, however, allowing advertisers to tailor their messages to people’s interests, locations, income, relationship status, gender and more.
The lawsuit claims Oracle and Salesforce have been collecting and sharing this personal data without direct consent from the users, which amounts to a breach of GDPR.
The case will be brought by the Privacy Collective, a non-profit foundation whose purpose is to protect consumers’ digital privacy.
“Everyone who has ever used the internet is at risk from this technology. It may be largely hidden, but it is far from harmless,” said Rebecca Rumbul, class representative and a claimant in England and Wales.
“If data collected from internet use is not adequately controlled, it can used to facilitate highly targeted marketing that may expose vulnerable minors to unsuitable content, fuel unhealthy habits such as online gambling or prey on other addictions."
"By supporting my action, internet users in England and Wales can do their bit to begin to hold these firms to account and make the internet a safer and more regulated place.”
According to the foundation, the claims could amount to more than $12 billion, but Oracle has publicly disputed the allegations.
“The Privacy Collective knowingly filed a meritless action based on deliberate misrepresentations of the facts,” said Dorian Daley, Executive Vice President and General Counsel at Oracle.
“As Oracle previously informed the Privacy Collective, Oracle has no direct role in the real-time bidding process (RTB), has a minimal data footprint in the EU, and has a comprehensive GDPR compliance program.”