How the Sweeping US Class Action Against Oracle Might Set Remarkable Privacy Precedent

Oct 12, 2022 | Privacy & Security

class action has been lodged in the U.S. against tech giant Oracle, accusing the multinational and its AdTech and advertising subsidiaries of running and profiting from a “worldwide surveillance machine” that has “amassed detailed dossiers on some five billion people” and violated “the privacy of the majority of the people on Earth.”

The sweeping complaint accuses Oracle of collecting the personal information of the five billion users, including their names, home addresses, emails, online and real-world purchases, physical movements in the real world, income, interests and political views, and online activity. The profiles or dossiers are allegedly referred to as “consumer identity graphs” and are stored in the “Oracle Data Cloud.”

Input magazine reports: “The case focuses on a service called “ID Graph,” which synthesizes collected data and matches it to a consistent user profile. According to the plaintiffs, Oracle is collecting this trove of data without user consent. The lawsuit alleges that Oracle even uses proxies to get around privacy controls.” 

The size and scale of the complaint is noteworthy. There are three complainants to the class action – Dr Johnny Ryan from the Irish Council for Civil Liberties (ICCL), Michael Katz-Lacabe from The Center for Human Rights and Privacy, and Dr Jennifer Golbeck from the University of Maryland — who say they are “acting on behalf of worldwide Internet users who have been subject to Oracle’s privacy violations.” And in the absence of a federal privacy law in the U.S., the complaint alleges violations of various other instruments: the Federal Electronic Communications Privacy Act, the Constitution of the State of California, the California Invasion of Privacy Act, competition law, and common law.

One of the complainants, the ICCL’s Dr Johnny Ryan, said: “Oracle has violated the privacy of billions of people across the globe. This is a Fortune 500 company on a dangerous mission to track where every person in the world goes, and what they do. We are taking this action to stop Oracle’s surveillance machine.”

But Input cautions: “There’s a steep road ahead for this lawsuit, no matter who backs it. Data privacy laws in the U.S. are piecemeal at best — which makes it very difficult to prove Oracle is doing anything wrong at a federal level. As TechCrunch notes, similar privacy suits have very much struggled to find footing in the past. Oracle, as a titan of the tech industry with a $227 billion market cap, will have top-notch legal aid on its side, too.”

Incidentally, Oracle was just appointed the official reviewer of Tik Tok algorithms to make sure the social media platform isn’t sending American data to China – which some commentators note is poor timing since the Tik Tok reviewer role is about making sure “everything’s air-tight from a data privacy perspective.”

What this class action says about big tech and data surveillance

We view this class action as yet another major push back against big tech and surveillance capitalism. The tide has definitely turned. Consumers are sick of trading their personal data for access to web sites and services, and there are privacy advocates willing to act on their behalf to better protect consumer data privacy. In this case, advocates are going into bat for most of the world’s population!

While Oracle has faced similar class actions over tracking in Europe, this is the first time a class action of this scale has been filed in the U.S. and tested U.S. law on the matter. We’ll follow this story closely because it might well set a remarkable precedent and be a real turning point for data privacy.

You May Also Like…