One of the key differentiators in Tematica’s Cybersecurity & Digital Privacy investment theme and the Foxberry Tematica Research Cybersecurity & Data Privacy Index has been the recognition of the evolving data privacy regulatory landscape. One of those key pieces is the GDPR regulation, which includes consent for processing an EU citizens’ personal data must be informed, specific and given freely and confers rights on individuals surrounding their data, including ability to receive a copy of their personal information. It’s against that regulatory backdrop that Oracle and Salesforce are lawsuits in the UK and Netherlands.
The high profile nature of these companies and therefore these lawsuits along with the impact on third party cookie usage for ad tracking and targeting and the potential size of the fines to be had make these cases to watch.
The use of third party cookies for ad tracking and targeting by data broker giants Oracle and Salesforce is the focus of class action style litigation announced today in the UK and the Netherlands.
Non-profit foundation, The Privacy Collective, has filed one case today with the District Court of Amsterdam, accusing the two data broker giants of breaching the EU’s General Data Protection Regulation (GDPR) in their processing and sharing of people’s information via third party tracking cookies and other adtech methods.
The Dutch case, which is being led by law-firm bureau Brandeis, is the biggest-ever class action in The Netherlands related to violation of the GDPR — with the claimant foundation representing the interests of all Dutch citizens whose personal data has been used without their consent and knowledge by Oracle and Salesforce.
A similar case is due to be filed later this month at the High Court in London England, which will make reference to the GDPR and the UK’s PECR (Privacy of Electronic Communications Regulation) — the latter governing the use of personal data for marketing communications. The case there is being led by law firm Cadwalader.
Discussing the lawsuit in a telephone call with TechCrunch, Dr Rebecca Rumbul, class representative and claimant in England & Wales, said: “There is, I think, no way that any normal person can really give informed consent to the way in which their data is going to be processed by the cookies that have been placed by Oracle and Salesforce.
“When you start digging into it there are numerous, fairly pernicious ways in which these cookies can and probably do operate — such as cookie syncing, and the aggregation of personal data — so there’s really, really serious privacy concerns there.”