NL

Share on facebook
Share on linkedin
Share on twitter

• Privacy campaigner Dr Rebecca Rumbul files legal action against US corporations Oracle and Salesforce; claim worth in excess of £10 billion for benefit of internet users in England & Wales
• Largest digital privacy class action ever filed at the High Court in London could lead to awards of £500 compensation for every UK internet user 
• Oracle and Salesforce tracking internet users across some of the UK’s most popular websites including Spotify, Autotrader, Barclaycard, eBay and TripAdvisor

Digital rights campaigner Dr Rebecca Rumbul has filed a claim at the High Court in London for damages estimated in excess of £10 billion for consumers in England and Wales for a breach of their data privacy by US corporations Salesforce and Oracle. The claim, filed by Rumbul, is based on breaches of GDPR through the Data Protection Act by the two US companies in their processing of personal information used by their Ad Tech platforms. A parallel legal case is being run by The Privacy Collective Foundation in the Netherlands which could take the total damages awarded to in excess of €15 billion.

The case will be one of the biggest class actions that the High Court in England and Wales has heard to date and aims to fundamentally change the approach of multinational corporations in their development of intrusive profiles of internet users for advertising purposes.

The claim could lead to compensation awards available to every internet user in England and Wales of £500 per person per company - paid by Oracle and Salesforce. Oracle and Salesforce have a combined valuation of $350 billion.

Dr Rebecca Rumbul said:

"Enough is enough. I am tired of tech giants behaving as if they are above the law. It is time to take a stand and demonstrate that these companies cannot unlawfully and indiscriminately hoover up my personal data with impunity. The internet is not optional anymore, and I should be able to use it without big tech tracking me without my consent. The data these companies are compiling on ordinary citizens is terrifying. With their tracking technologies in use across the most popular websites, it is hard to escape from their data collection."

“As a lone individual, Oracle and Salesforce can ignore my concerns, but as a class representative for millions of people in England and Wales, I can hold them to account for the benefit of everyone. I don't believe that these companies, who profit from the sale of my personal data to third parties, currently respect the laws that are supposed to protect my privacy. Perhaps £10 billion given back to consumers in England and Wales will change that.”

Oracle and Salesforce have assembled intrusive databases on internet users with Salesforce owning Salesforce Audience Studio (formerly known as Krux), and Oracle owning Oracle DMP (formerly known as Bluekai). Some of the most visited websites in the UK, including Amazon, Ikea, eBay, Autotrader, Skyscanner, Booking.com, Tripadvisor, Comparethemarket.com, Paypal, Barclaycard, Spotify, Dropbox, IMDb, and Weather.com, pass on cookies from Bluekai (Oracle) or Krux (Salesforce) to capture information about users as they surf the internet. The incidence of this tracking has affected (and continues to affect) almost every internet user, suggesting that for years users have had their privacy rights breached.

By leveraging cookies in conjunction with powerful databases, companies like Salesforce and Oracle can create a profile of users based on their online behaviours for instance what they read, watch, listen to, comment on and engage with online. This data can be merged with other information including users’ location, and credit references. Together this data can include, or be used to infer, information about users’ interests, physical and mental health, financial situation, levels of education, religious affiliations, and even political leanings.

Since the GDPR came into effect, Oracle and Salesforce have been required to get informed consent from internet users in order to collect and share their personal data through cookies and other technologies. The case alleges that the companies tracking across multiple websites across the internet and the way the data they collect is used for both advertising real-time bidding and resale to third parties means they can’t provide adequate information or obtain the requisite consent from users.

The case is being led by law firm Cadwalader for the claimant, Dr Rebecca Rumbul, who represents the interests of all citizens in England and Wales whose personal data has been used without their consent and knowledge by Oracle and Salesforce.

A parallel case has been filed by The Privacy Collective Foundation, represented by the law firm bureau Brandeis, earlier this year in the Netherlands at the District Court of Amsterdam. It is estimated that together, both the England & Wales and Dutch claims could exceed €15 billion. The claims are being fully funded by Innsworth, a leading litigation funder. Innsworth is also funding Sir Walter Merricks’ (former Chief Ombudsman at the Financial Ombudsman Service) class action for 46 million consumers against Mastercard in the London courts.

In 2021, the Supreme Court will decide upon the landmark Lloyd v Google case, which if favourable will pave the way for opt-out representative actions for privacy breaches. All parties to Dr Rumbul’s case have agreed the proceedings will be stayed until after the outcome of the landmark Supreme Court ruling.

Anyone who uses the internet and is targeted by advertising in England and Wales is encouraged to register their support for the legal action online at www.theprivacycollective.eu.

Notes for Editors

For interviews with Dr Rebecca Rumbul, please contact:

• Valerie Oladeinde at 89up on [email protected]
• Saskia Kerkvliet at 89up on [email protected] / 07708977145

About Rebecca Rumbul

Dr Rebecca Rumbul, is the designated class representative of the case filed by The Privacy Collective at the High Court of England and Wales. Rebecca is Head of Research at MySociety, a non-profit pioneering the use of online technologies to empower citizens to engage in greater civic participation, as well as a Council Member and Non-Executive Director of the Advertising Standards Authority. Rebecca is a leading global expert in digital democracy, and previously worked as a Data Protection Development Manager at the Information Commissioner's Office in Wales. She has a PhD from the Open University in Politics and Governance.

About The Privacy Collective
The Privacy Collective is a Netherlands based foundation that has joined forces with Rumbul, to run a broader privacy campaign in support of their respective claims. In the campaign leading legal and academic experts, and civil society activists speak out against the data misuse of Oracle and Salesforce and support the claims in both the Dutch and the UK action. These initiatives aim to fill the gap where regulators, that do not have the manpower and resources to properly implement the law, allow companies to unlawfully collect and sell the data of millions of internet users in the UK and across Europe without ramifications.
www.theprivacycollective.eu.