Adobe Sued by Watchdog Over Mass Data Collection of Dutch Citizens

Adobe Building

Adobe made millions reselling the personal data of its customers in the Netherlands, that’s according to a Dutch watchdog that is taking the photo software giant to court.

The Dutch Data Protection Foundation (SDBN) is demanding significant compensation from Adobe after it claims that anyone who uses its apps has “become a victim” of the company.

In court papers filed yesterday (Wednesday), Adobe is accused of creating secret profiles of internet users that are shared with interested commercial parties. The data is collected from tracking cookies and code embedded in popular Dutch websites.

“While Adobe is primarily recognized as a design software supplier, what’s surprising is its simultaneous involvement in the digital personal data market – tracking your online activities,” says Anouk Ruhaak, the Chair of SDBN.

The watchdog estimates there are seven million Dutch people affected (the Netherlands has a population of 17.6 million people). They are demanding that Adobe cease data collection, delete all of the held data, and compensate the millions of Dutch people affected. The SDBN also wants Adobe to reveal the third parties it allegedly sold the data to, according to VPN Overview.

If Adobe was found to be liable they could potentially face a bill running into the billions. Similar cases have seen between 250 Euros and 1,500 Euros per person.

The SDBN claims that Adobe has gotten away with this practice for so long (since 2018) because of the positive image Photoshop has. “But what we didn’t know is that the company is simultaneously active in the digital personal data market and follows you online,” adds Ruhaak.

“Did you make your Christmas purchases online? Then Adobe probably knows quite accurately what you have viewed and where you bought your gingerbread or perfume.”

At the center of the lawsuit is Adobe’s Experience Cloud platform which allows companies to create profiles of internet users. SDBN alleges that Adobe used the tool to “illegally collect an enormous amount of data about almost every Dutch internet user.”

This allegedly works by placing tracking cookies on websites and pieces of code in popular mobile apps in the Netherlands. And it means that someone who has never used an Adobe product could end up having their data harvested.

“The Foundation’s claims are based on misunderstandings about Adobe’s enterprise technology and Adobe’s role around data our enterprise customers collect,” Adobe says in an email to PetaPixel.

“Contrary to the claims, Adobe is not a ‘data controller’ when providing services to our Experience Cloud customers. Adobe is a processor of data collected by customers. This means the customer is the data controller and as such, decides which cookies to deploy, what data to collect, what uses to put that data to, and determines what consent to collect from visitors to its own websites. As a data processor, Adobe enables its customers to make these decisions within Adobe Experience Platform, part of Adobe Experience Cloud. Adobe does not sell or distribute our customers’ data and provides integrations to consent management tools to help customers implement consent management on their sites as they deem legally necessary based on the countries they operate in.”

The SDBN have launched a number of similar suits in recent months including on X (formerly Twitter) and Amazon.

Yesterday, PetaPixel reported that Adobe achieved a revenue of $5.05 billion in the fourth fiscal quarter.

Update 12/14: Added a comment from Adobe.