Oracle Violating Numerous Privacy Laws, Class Action Says


Plaintiffs say Oracle collects and sells private data without citizens’ consent.

A class action complaint filed in federal court in San Francisco claims Oracle America, Inc., has violated the privacy of hundreds of millions of private citizens through “a deliberate and purposeful surveillance of the general population via [the individuals’] digital and online existence” (Katz-Lacabe, et al. v. Oracle America, Inc., No. 3:22-cv-04792, N.D. Calif.).

Characterizing Oracle as a “worldwide data broker,” the plaintiffs say the company has “created a network that tracks in real-time and records indefinitely the personal information” of many millions of private individuals, then sells that information to third parties directly through products and services “derived from this data,” and via its ID Graph service which, according to the company, “helps marketers connect identities across disparate marketing channels and devices to one customer.”

Oracle can use ID Graph in the Oracle Data Cloud platform. “This feature supports both direct linkages between digital advertising IDs (cookies, mobile advertising IDs, console IDs, and so on) and more complex connections bridged through your private ID. For example,” the product’s documentation explains, “you can create cookie-Private ID-MAID [or mobile advertising identifiers] and cookie-Private ID-console ID connections. These capabilities enable you to reach your customers on any device informed by your own identity dataset by using the [Digital Monitoring Product’s] cross-device targeting feature.”

The named plaintiffs in this proposed class action seek to represent hundreds of millions of people who “lack a direct relationship with Oracle and have no reasonable or practical basis upon which they could legally consent to Oracle’s surveillance.”  The plaintiffs “believe that the unregulated worldwide data marketplace abrogates the privacy and autonomy of the people and threatens core principles essential for democratic self-rule.”  The suit seeks to enforce the fundamental right to privacy and to secure redress and compensation for the “financial, dignitary, reputational, and relational harms Oracle has caused.” Plaintiffs want a ruling that Oracle is acting unlawfully and must cease the collection and re-selling of private data.

Causes of action include violation of  the California Constitution; Intrusion Upon Seclusion Under California Common Law; violation of Unfair Competition Law (aka Section 17200); violation of the California Invasion of Privacy Act; violation of the Federal Wiretap Act; and unjust enrichment.

The suit was filed Aug. 19 and has been assigned to Magistrate Judge Sallie Kim. Oracle is not yet due to answer the complaint.

Sign up to view this Whitepaper