In the Supreme Court of England and Wales, software companies Salesforce and Oracle were sued for 15 billion pounds (16.5 billion euros). The plaintiff believes that the two companies are violating GDPR legislation by collecting and reselling personal data.

The main plaintiff is UK privacy activist and data protection specialist Rebecca Rumbul. She is suing the two companies for £10 billion, possibly forcing them to pay a £500 fine to every British internet user. A Dutch group called The Privacy Collective Foundation also sued the two companies for £5 billion.

Advertising platforms

Rumbul is bothered by the advertising technology platforms owned by Oracle and Salesforce. They use cookies to collect and track browsing data and then resell them to ad platforms, which place targeted ads, ComputerWeekly writes.

The personalized ads use information such as interests, location, income, relationship status, gender, sexual orientation, health, age, educational level, political affiliation, and religion.

Enough is enough

“Enough is enough,” said Rumbul. “I am tired of tech giants behaving as if they are above the law. It is time to take a stand and demonstrate that these companies cannot unlawfully and indiscriminately hoover up my personal data with impunity. The internet is not optional any more, and I should be able to use it without big tech tracking me without my consent.”

‘The data these companies are compiling on ordinary citizens is terrifying. With their tracking technologies in use across the most popular websites, it is hard to escape from their data collection.”

Rumbul goes on to say that she does not believe that the companies that profit of the sale of personal data to third parties respect privacy laws. “Perhaps £10bn given back to consumers in England and Wales will change that.”

Trust

Salesforce disagrees with the allegations. “At Salesforce, trust is our number one value and nothing is more important to us than the privacy and security of our corporate customers’ data”, a spokesperson said.

“We design and build our services with privacy at the forefront, providing our corporate customers with tools to help them comply with their own obligations under applicable privacy laws – including the EU GDPR – to preserve the privacy rights of their own customers.”

Salesforce emphasizes that The Privacy Collective’s and Rebecca Rumbul’s charges apply specifically to the Salesforce Audience Studio service and have nothing to do with any of the company’s other services.

“Salesforce disagrees with the allegations and intends to demonstrate they are without merit.” The company then refers to its privacy policy.

In a brief response, Oracle has described the charges as unsubstantiated and indicates that it will vigorously defend against them.

Safari Workaround

The lawsuit largely depends on the outcome of the Lloyd vs Google case, in which Richard Lloyd accuses Google of collecting data on iPhones in 2011 and 2012, without permission. The company made use of the so-called Safari Workaround, which made it possible to place DoubleClick Ad cookies on iPhones without permission.

The outcome of that case is expected in 2021 and could serve as a basis for Rumbul’s and The Privacy Collective’s indictments.