Oracle has its fingers in a lot of pies, from database management to the Java development kit, but it also runs a “Data Marketplace” where it trades in “open and transparent audience data.” The new lawsuit alleges that Oracle is anything but transparent and has invaded the privacy of most people on Earth. The suit filed in the Northern District of California has three class representatives, including Dr. Johnny Ryan, senior fellow of the Irish Council for Civil Liberties (ICCL). “Oracle has violated the privacy of billions of people across the globe. This is a Fortune 500 company on a dangerous mission to track where every person in the world goes, and what they do,” Dr. Ryan said.
According to the ICCL, Oracle has taken advantage of unwitting internet users to amass a vast archive of data that includes intimate details. The billions of personal dossiers in the “Consumers Identity Graph” contain data points like income, interests, emails, medical care, political views, location history, and even detailed online spending and account activity. For example, the ICCL says that one Oracle database included a record of a German man who used a prepaid debit card to bet €10 on a sporting event.
Kudos to @WolfieChristl who pioneered research on Oracle’s surveillance machine years ago.
Lead plaintiffs are @mlacabe @jengolbeck and I, representing 5 billion+ Oracle privacy victims as lead plaintiffs.
See this clip for an idea of Oracle’s creepy and vast snooping machine. pic.twitter.com/0B9XLzWyQV
— Johnny Ryan (@johnnyryan) August 22, 2022
The filing claims that Oracle has created “proxies” for sensitive data that other data brokers and advertisers have agreed not to track. Case in point, Facebook made it more difficult to target users based on race in certain advertising categories several years ago, but Oracle’s Identity Graph helped advertisers achieve the same results. It did this without acquiring any user consent, and even common sense measures like blocking third-party cookies are not enough to stop Oracle’s sophisticated data collection.
Oracle is based in the US and has registered as a data broker pursuant to the California Consumer Privacy Act (CCPA), but that law has a narrow scope, and there is no strong consumer privacy law at the federal level. Thus, the lawsuit relies on a patchwork of privacy laws including the Federal Electronic Communications Privacy Act, the Constitution of the State of California, and various competition laws. Undoubtedly, this will be an uphill battle for the complainants when Oracle has an army of lawyers on retainer. Oracle has yet to comment on the litigation.