In het nieuws

Forbes: Oracle And Salesforce Hit With $10 Billion GDPR Class-Action Lawsuit

op 17 augustus 2020


Share on facebook
Share on linkedin
Share on twitter

This article was originally published in Forbes.

Class-action lawsuits filed in the UK and Netherlands will accuse tech giants Oracle and Salesforce of breaching GDPR in the way they process and share personal data to sell online advertising.

The cases are being brought by The Privacy Collective, a European non-profit foundation that is dedicated to claiming compensation for the wrongful use of personal data.

The group claims the two companies are misusing consumers’ personal data through their third-party cookies ‘Bluekai’ and ‘Krux’, which are used to track, monitor and collect the personal data of internet users and share it in a process called real-time bidding. These cookies are hosted on a number of popular websites, the group claims, such as Amazon,, Dropbox, Reddit and Spotify.

The Privacy Collective is accusing both Oracle and Salesforce of breaching GDPR rules by facilitating sales via harmful ads, holding personal information that consumers did not proactively consent to sharing, and inconsistently securing personal data.

“Everyone who has ever used the internet is at risk from this technology. It may be largely hidden but it is far from harmless,” said Dr Rebecca Rumbul, class representative and a claimant on the suit in England and Wales. 

“If data collected from internet use is not adequately controlled, it can used to facilitate highly targeted marketing that may expose vulnerable minors to unsuitable content, fuel unhealthy habits such as online gambling or prey on other addictions.”

The lawsuit has been filed in Amsterdam, with a similar claim to be filed at the High Court of London later in August. The Privacy Collective said the Dutch case is the biggest-ever class action in the country that concerns GDPR and could cost Oracle and Salesforce up to €10 billion. 

Everyone who has ever used the internet is at risk from this technology.

Oracle's EVP and general counsel Dorian Daley hit back at lawsuit, and slammed it as "meritless action based on deliberate misrepresentations of the facts". 

"As Oracle previously informed the Privacy Collective, Oracle has no direct role in the real-time bidding process (RTB), has a minimal data footprint in the EU, and has a comprehensive GDPR compliance program," Daley said in a statement. 

"Despite Oracle's fulsome explanation, the Privacy Collective has decided to pursue its shake-down through litigation filed in bad faith. Oracle will vigorously defend against these baseless claims." 

A spokesperson for Salesforce said it “disagrees with the allegations and intends to demonstrate they are without merit”.

Steun onze zaak tegen Oracle en Salesforce.


Toon je support

Door je gegevens hier achter te laten steun je onze zaak tegen Oracle en Salesforce. We gebruiken je volledige naam en mailadres mogelijk om in de juridische procecure aan te tonen hoeveel mensen actief hun steun hebben gegeven aan The Privacy Collective.

Support form | home & popup

- Je steunt de zaak van The Privacy Collective tegen Oracle en Salesforce.

- Je maakt deel uit van de groep van benadeelden.

Je maakt deel uit van deze groep als je sinds 26 mei 2018 vanuit Nederland cookies geaccepteerd hebt van Oracle en/of Salesforce en op dit moment in Nederland woont. Deze cookies zijn aanwezig op populaire websites zoals,,,,,, en

- The Privacy Collective gebruikt jouw voor- en achternaam en emailadres om jouw steun aan te tonen in de procedure tegen Salesforce en Oracle en om contact met je op te nemen over het verloop van de procedure.

Waar mogelijk worden persoonsgegevens gepseudonimiseerd. Lees hier het volledige privacybeleid van TPC.

Door op 'Aanmelden' te klikken, bevestig je het bovenstaande.