The data processing policies and practices of two of the world’s largest software companies, Salesforce and Oracle, will come under scrutiny in the High Court of England and Wales in the biggest digital privacy class action lawsuit ever filed.
The suit, filed by privacy campaigner and data protection specialist Rebecca Rumbul, is seeking damages that have been estimated in excess of £10bn, which could conceivably lead to awards of £500 for every internet user in the UK. A parallel suit in the Netherlands backed by a Dutch group called The Privacy Collective Foundation could take the total damages to more than €15bn.
“Enough is enough,” said Rumbul. “I am tired of tech giants behaving as if they are above the law. It is time to take a stand and demonstrate that these companies cannot unlawfully and indiscriminately hoover up my personal data with impunity. The internet is not optional any more, and I should be able to use it without big tech tracking me without my consent.
“The data these companies are compiling on ordinary citizens is terrifying. With their tracking technologies in use across the most popular websites, it is hard to escape from their data collection.”
Rumbul said that although both software firms could ignore her complaints as a lone individual, by becoming a class representative on behalf of millions, she could more effectively hold the advertising technology industry to account.
“I don’t believe that these companies, who profit from the sale of my personal data to third parties, currently respect the laws that are supposed to protect my privacy,” she said. “Perhaps £10bn given back to consumers in England and Wales will change that.”
The lawsuit centres on the collection and processing of personal information by advertising technology platforms owned by Oracle and Salesforce, which use third-party cookies to track, monitor and collect online browsing data and auction it to advertising platforms to serve targeted online adverts.
These are the tailored ads that many people seem to think “follow” them around the internet, and the data used to generate them can include a person’s interests, location, income, relationship status, gender or sexual orientation, health status, age, level of education and political or religious leanings.
Rumbul’s suit, led by law firm Cadwalader, alleges that this process is done without clear consent and is therefore a breach of the General Data Protection Regulation (GDPR).