A group of US privacy advocates has filed a class action lawsuit against Oracle in California for breach of privacy. In it, the plaintiffs – Dr. Johnny Ryan, senior fellow of the Irish Council for Civil Liberties (ICCL), Michael Katz-Lacabe, research director at the Center for Human Rights and Privacy, and computer science professor Dr. Jennifer Golbeck of the University of Maryland alleges that Oracle and its adtech and advertising subsidiaries have collected detailed dossiers on around five billion people without their consent. We are acting on behalf of global internet users affected by Oracle’s data breaches.
The law firm Lieff Caraser Heimann & Bernstein, which specializes in data protection proceedings against large tech companies, is representing the plaintiffs against Oracle.
The core of the lawsuit is the allegation that Oracle is collecting huge amounts of data from ignorant Internet users, i.e. without their consent. It uses this monitoring data to create profiles of individuals and further enriches it via its own data marketplace. This is a huge threat to people’s privacy. Among other things, the plaintiffs accuse Oracle of circumventing data protection controls with proxies for sensitive data.
Commenting on the lawsuit, Ryan said, “Oracle has violated the privacy of billions of people around the world. This is a Fortune 500 company on a dangerous mission to track where every person on the planet goes.” world is going and what he is doing. We are taking this action to stop Oracle’s surveillance machine.”
Do you already know the free iX newsletter? Register now and don’t miss anything on the monthly release date: heise.de/s/NY1E The next issue will be about the cover topic of the September iX: Rapid energy saving measures in IT.
Uncertain outcome thanks to legal patchwork
However, the legal requirements are complicated: in the USA there is no comprehensive federal law on data protection, which makes it difficult to bring a case on data protection. Therefore, the lawsuit relates to multiple federal, constitutional, tort and state statutes and alleges violations of the Federal Electronic Communications Privacy Act, the California State Constitution, the California Invasion of Privacy Act, and competition and common law laws. It remains to be seen whether this approach of a legal patchwork quilt will actually prevail
Two years ago, Oracle was sued together with Salesforce for violations of the GDPR in England and the Netherlands. It was about the non-GDPR-compliant use of data for real-time auctions in advertising. The lawsuit in the Netherlands has since been dismissed (reasons in Dutch), but the plaintiff group Privacy Collective has announced an appeal against the decision. The UK lawsuit is currently on hold pending a decision on a previous privacy class action lawsuit against Google. However, two months later, Oracle declared that it no longer wanted to fill user profiles with external data, at least in Europe. However, the business with directly collected data continues.
To home page